diff --git a/config/initializers/active_record_api_extensions.rb b/config/initializers/active_record_api_extensions.rb
index 266a2678a..b258e8297 100644
--- a/config/initializers/active_record_api_extensions.rb
+++ b/config/initializers/active_record_api_extensions.rb
@@ -26,6 +26,11 @@ module Danbooru
         super(options, &block)
       end
 
+      def serializable_hash(*args)
+        hash = super(*args)
+        hash.transform_keys { |key| key.delete("?") }
+      end
+
     protected
       def hidden_attributes
         [:uploader_ip_addr, :updater_ip_addr, :creator_ip_addr, :ip_addr]
diff --git a/test/functional/users_controller_test.rb b/test/functional/users_controller_test.rb
index a26200236..77fe9b81f 100644
--- a/test/functional/users_controller_test.rb
+++ b/test/functional/users_controller_test.rb
@@ -64,6 +64,14 @@ class UsersControllerTest < ActionController::TestCase
         assert_response :success
         assert_nil(json["last_logged_in_at"])
       end
+
+      should "strip '?' from attributes" do
+        get :show, {id: @user.id, format: :xml}, {user_id: @user.id}
+        xml = Hash.from_xml(response.body)
+
+        assert_response :success
+        assert_equal(false, xml["user"]["can_upload"])
+      end
     end
 
     context "new action" do