18 Sep 2011
Sanitizing POST params in Rack
Rack is a handy way to get Ruby up and running on a web server, but it’s picky about input. Recently, I tried to post a URL with an ampersand (&) to a Rack instance, and because the URL contained an ampersand, Rack parsed the data wrong. It considers ampersands to be separating tokens.
When I can control the input, I can simply use percent encoding to escape the ampersand (%26). But for dealing with malformed input, Rack needs to rewrite the POST data before processing it.
Thanks to Pivotal Labs for the crucial bits of code.