The silent dropping of values bugs me, but in this case I think the
cure is worse than the disease. When we had it enabled previously all
of my exception trackers were spammed with dozens of random junk
coming from adventurous users or broken spam bots.
The current behaviour doesn't have any security related downsides, and
it's just being slightly postel-friendly in the way it behaves.
We could add a hook to make it easier for plugins to handle this
situation, but at present I think it's just a little too annoying for
enabling it by default.
I would love it if this would only raise an exception in
I think the first step might be to prise apart that code so that the
handling of protected attributes is handled in a single method like
You could then override that method with a plugin to aid with
debugging during dev and test.
> Thanks for your responses all,
> - Trevor