mirror of
https://github.com/linuxserver/core.git
synced 2026-02-20 05:07:19 +08:00
Merge pull request +7970 from c9/fix-javascript-token
Make sure generated tokens are never valid JavaScript
This commit is contained in:
Lennart Kats
commit
a65656baee
5
node_modules/c9/uid.js
generated
vendored
5
node_modules/c9/uid.js
generated
vendored
@ -8,5 +8,8 @@ module.exports = function(length) {
|
||||
.toString("base64")
|
||||
.replace(/[^a-zA-Z0-9]/g, "");
|
||||
}
|
||||
return uid.slice(0, length);
|
||||
// HACK: make sure unique id is never syntactically valid JavaScript
|
||||
// See http://balpha.de/2013/02/plain-text-considered-harmful-a-cross-domain-exploit/
|
||||
uid = "9c" +uid.slice(0, length - 2);
|
||||
return uid;
|
||||
};
|
||||
Loading…
x
Reference in New Issue
Block a user