Module: NewRelic::Agent::BrowserToken
- Defined in:
- lib/new_relic/agent/browser_token.rb
Class Method Summary
- .get_token(request) ⇒ Object
- .sanitize_token(token) ⇒ Object
  Run through a collection of unsafe characters (in the context of the token) and set the token to an empty string if any of them are found in the token, so that potential XSS attacks via the token are avoided.
Class Method Details
.get_token(request) ⇒ Object
    # File 'lib/new_relic/agent/browser_token.rb', line 11
    def self.get_token(request)
      return nil unless request

      # The token is read from the NRAGENT cookie, expected as "tk=<value>".
      agent_flag = request.cookies['NRAGENT']
      if agent_flag and agent_flag.instance_of? String
        s = agent_flag.split("=")
        # Anything other than exactly one key and one value falls through to nil.
        if s.length == 2
          if s[0] == "tk" && s[1]
            # HTML-escape whatever sanitize_token lets through (ERB must be loaded).
            ERB::Util.h(sanitize_token(s[1]))
          end
        end
      else
        nil
      end
    end
.sanitize_token(token) ⇒ Object
Run through a collection of unsafe characters (in the context of the token) and set the token to an empty string if any of them are found in the token, so that potential XSS attacks via the token are avoided.

    # File 'lib/new_relic/agent/browser_token.rb', line 30
    def self.sanitize_token(token)
      # Deny-list check: <, >, ' and " are treated as unsafe.
      if ( /[<>'"]/ =~ token )
        # String#replace empties the caller's string in place.
        token.replace("")
      end
      token
    end
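
The following is an added example, not part of the New Relic agent: it mirrors the control flow of get_token and the deny-list in sanitize_token, then runs constructed NRAGENT cookie values through it next to a stricter allow-list variant. FakeRequest, TokenDemo, sanitize_token_strict and the sample values are hypothetical names and data introduced for illustration.

```ruby
require 'erb'

# Hypothetical stand-in for a Rack-style request; only #cookies is used.
FakeRequest = Struct.new(:cookies)

module TokenDemo
  # Same deny-list as sanitize_token, but returns a new string instead of
  # calling String#replace, so a direct caller's string is never mutated.
  def self.sanitize_token(token)
    token =~ /[<>'"]/ ? "" : token
  end

  # Stricter variant (an assumption of this example, not agent behaviour):
  # accept only an allow-list of characters, reject everything else.
  def self.sanitize_token_strict(token)
    token.match?(/\A[A-Za-z0-9_-]+\z/) ? token : ""
  end

  # Mirrors the get_token control flow: exactly one "=", key must be "tk".
  def self.get_token(request, strict: false)
    return nil unless request
    flag = request.cookies['NRAGENT']
    return nil unless flag.instance_of?(String)
    parts = flag.split("=")
    return nil unless parts.length == 2 && parts[0] == "tk"
    cleaned = strict ? sanitize_token_strict(parts[1]) : sanitize_token(parts[1])
    ERB::Util.h(cleaned)
  end

  # Constructed cookie values covering each branch.
  SAMPLES = ["tk=abc123", "tk=<script>", "tk=a;b", "tk=a=b", "other=abc"].freeze

  # Returns { cookie_value => [deny_list_result, allow_list_result] }.
  def self.run
    SAMPLES.to_h do |value|
      req = FakeRequest.new({ 'NRAGENT' => value })
      [value, [get_token(req), get_token(req, strict: true)]]
    end
  end
end

TokenDemo.run.each { |value, results| puts "#{value.inspect} => #{results.inspect}" }
```

The "tk=a;b" sample shows the difference between the two approaches: the deny-list and HTML escaping both pass the value through unchanged, while the allow-list rejects it.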