Rails 3.2: invalid %-encoding (100%)

I started getting exception notifications recently from the server
just about the time I upgraded to Rails 3.2. I don’t know if that is a
coincidence or not. Evidently some robot is hitting my site with:

mydomain.com?iframe=true&width=100%&height=100%

and that is throwing an exception.

I have two questions:

  1. First, just out of curiosity, who puts
    “iframe=true&width=100%&height=100%” on their requests, and why?

  2. Second, obviously I don’t want a 500 error. How can I filter out
    the parameters before it crashes?

Thanks!


A ArgumentError occurred in home#index:

invalid %-encoding (100%)
/home/xxxxx/.rvm/rubies/ruby-1.9.3-p0/lib/ruby/1.9.1/uri/common.rb:911:in
`decode_www_form_component’

The top part of the stack is:

/home/xxxxxx/.rvm/rubies/ruby-1.9.3-p0/lib/ruby/1.9.1/uri/common.rb:911:in
decode_www_form_component' rack (1.4.1) lib/rack/utils.rb:39:inunescape’
rack (1.4.1) lib/rack/utils.rb:88:in block (2 levels) in parse_nested_query' rack (1.4.1) lib/rack/utils.rb:88:inmap’
rack (1.4.1) lib/rack/utils.rb:88:in block in parse_nested_query' rack (1.4.1) lib/rack/utils.rb:87:ineach’
rack (1.4.1) lib/rack/utils.rb:87:in parse_nested_query' rack (1.4.1) lib/rack/request.rb:334:inparse_query’
rack (1.4.1) lib/rack/request.rb:186:in GET' actionpack (3.2.0) lib/action_dispatch/http/request.rb:225:inGET’
actionpack (3.2.0) lib/action_dispatch/http/parameters.rb:10:in
parameters' actionpack (3.2.0) lib/action_dispatch/http/filter_parameters.rb:33:infiltered_parameters’
actionpack (3.2.0)
lib/action_controller/metal/instrumentation.rb:21:in process_action' actionpack (3.2.0) lib/action_controller/metal/params_wrapper.rb:205:inprocess_action’
activerecord (3.2.0)
lib/active_record/railties/controller_runtime.rb:18:in
`process_action’

Having the same problem.
These requests are from people who use webproxies.

I keep seeing on github that similar issues with
URI.decode_www_form_component have been solved a while ago, yet it still
happens to me. Any ideas how to handle this gracefully before getting a
server error?