Rails 3.2: invalid %-encoding (100%)

I started getting exception notifications recently from the server
just about the time I upgraded to Rails 3.2. I don’t know if that is a
coincidence or not. Evidently some robot is hitting my site with:


and that is throwing an exception.

I have two questions:

  1. First, just out of curiosity, who puts
    “iframe=true&width=100%&height=100%” on their requests, and why?

  2. Second, obviously I don’t want a 500 error. How can I filter out
    the parameters before it crashes?


A ArgumentError occurred in home#index:

invalid %-encoding (100%)

The top part of the stack is:

decode_www_form_component' rack (1.4.1) lib/rack/utils.rb:39:inunescape’
rack (1.4.1) lib/rack/utils.rb:88:in block (2 levels) in parse_nested_query' rack (1.4.1) lib/rack/utils.rb:88:inmap’
rack (1.4.1) lib/rack/utils.rb:88:in block in parse_nested_query' rack (1.4.1) lib/rack/utils.rb:87:ineach’
rack (1.4.1) lib/rack/utils.rb:87:in parse_nested_query' rack (1.4.1) lib/rack/request.rb:334:inparse_query’
rack (1.4.1) lib/rack/request.rb:186:in GET' actionpack (3.2.0) lib/action_dispatch/http/request.rb:225:inGET’
actionpack (3.2.0) lib/action_dispatch/http/parameters.rb:10:in
parameters' actionpack (3.2.0) lib/action_dispatch/http/filter_parameters.rb:33:infiltered_parameters’
actionpack (3.2.0)
lib/action_controller/metal/instrumentation.rb:21:in process_action' actionpack (3.2.0) lib/action_controller/metal/params_wrapper.rb:205:inprocess_action’
activerecord (3.2.0)

Having the same problem.
These requests are from people who use webproxies.

I keep seeing on github that similar issues with
URI.decode_www_form_component have been solved a while ago, yet it still
happens to me. Any ideas how to handle this gracefully before getting a
server error?