Rails 3.2: invalid %-encoding (100%)

I started getting exception notifications recently from the server
just about the time I upgraded to Rails 3.2. I don’t know if that is a
coincidence or not. Evidently some robot is hitting my site with:

and that is throwing an exception.

I have two questions:

  1. First, just out of curiosity, who puts
    “iframe=true&width=100%&height=100%” on their requests, and why?

  2. Second, obviously I don’t want a 500 error. How can I filter out
    the parameters before it crashes?


A ArgumentError occurred in home#index:

invalid %-encoding (100%)

The top part of the stack is:

decode_www_form_component' rack (1.4.1) lib/rack/utils.rb:39:in unescape’
rack (1.4.1) lib/rack/utils.rb:88:in block (2 levels) in parse_nested_query' rack (1.4.1) lib/rack/utils.rb:88:in map’
rack (1.4.1) lib/rack/utils.rb:88:in block in parse_nested_query' rack (1.4.1) lib/rack/utils.rb:87:in each’
rack (1.4.1) lib/rack/utils.rb:87:in parse_nested_query' rack (1.4.1) lib/rack/request.rb:334:in parse_query’
rack (1.4.1) lib/rack/request.rb:186:in GET' actionpack (3.2.0) lib/action_dispatch/http/request.rb:225:in GET’
actionpack (3.2.0) lib/action_dispatch/http/parameters.rb:10:in
parameters' actionpack (3.2.0) lib/action_dispatch/http/filter_parameters.rb:33:in filtered_parameters’
actionpack (3.2.0)
lib/action_controller/metal/instrumentation.rb:21:in process_action' actionpack (3.2.0) lib/action_controller/metal/params_wrapper.rb:205:in process_action’
activerecord (3.2.0)

Having the same problem.
These requests are from people who use webproxies.

I keep seeing on github that similar issues with
URI.decode_www_form_component have been solved a while ago, yet it still
happens to me. Any ideas how to handle this gracefully before getting a
server error?