Sha256: 6d45c69f6acd1eabcbb4f83c73bb75a56f5231ac2014aba21b549edc45617484
Contents?: true
Size: 1016 Bytes
Versions: 19
Compression:
Stored size: 1016 Bytes
Contents
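# encoding: utf-8
# This file is distributed under New Relic's license terms.
# See https://github.com/newrelic/rpm/blob/master/LICENSE for complete details.

require 'erb'

module NewRelic
  module Agent
    # Extracts a "tk" token from the NRAGENT request cookie and neutralises it
    # before it is handed back to the caller.
    #
    # The cookie is supplied by the client, so every value read here is treated
    # as untrusted input.
    module BrowserToken
      # Characters that cause the whole token to be discarded.
      # This is a deny-list: anything not listed here passes through unchanged
      # to ERB::Util.h.
      UNSAFE_TOKEN_CHARS = /[<>'"]/

      # Returns the HTML-escaped token carried by the NRAGENT cookie.
      #
      # request - an object responding to #cookies (a Hash-like lookup keyed by
      #           cookie name), or nil.
      #
      # Returns nil when there is no request, when the cookie is missing or is
      # not exactly a String, or when it is not of the form "tk=<value>".
      # Returns "" when the value contains any of the characters < > ' ".
      # Otherwise returns the value run through ERB::Util.h.
      #
      # NOTE(review): where the returned token is rendered is not visible in
      # this file. ERB::Util.h is an HTML encoder; if the token ends up inside
      # a JavaScript or URL context, confirm that the encoding applied there
      # matches that context.
      def self.get_token(request)
        return nil unless request

        agent_flag = request.cookies['NRAGENT']
        # instance_of? (not is_a?) is kept on purpose: String subclasses and
        # non-String cookie values are rejected rather than coerced.
        return nil unless agent_flag && agent_flag.instance_of?(String)

        # Exactly one "=" separated pair is accepted; "tk", "tk=" and
        # "tk=a=b" all fall through to nil.
        parts = agent_flag.split("=")
        return nil unless parts.length == 2

        key, value = parts
        return nil unless key == "tk" && value

        # After sanitize_token the deny-listed characters cannot be present,
        # so the escape below effectively covers "&".
        ERB::Util.h(sanitize_token(value))
      end

      # Run through a collection of unsafe characters ( in the context of the token )
      # and return an empty string if any of them are found in the token so that
      # potential XSS attacks via the token are avoided.
      #
      # The caller's string is left untouched: the previous implementation
      # emptied it in place with String#replace, which silently modified the
      # argument and raised on frozen strings instead of rejecting the token.
      #
      # token - the raw token value (may be nil).
      #
      # Returns "" when the token contains < > ' or ", otherwise the token itself.
      def self.sanitize_token(token)
        return '' if UNSAFE_TOKEN_CHARS =~ token

        token
      end
    end
  end
end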