mirror of
https://github.com/elicpeter/nyx.git
synced 2026-06-09 19:45:13 +02:00
7 lines
282 B
Ruby
7 lines
282 B
Ruby
# Safe: tainted request value routed through `strip_crlf` (a registered
|
|
# HEADER_INJECTION sanitizer) before the subscript-set, so taint-header-injection
|
|
# stays clean.
|
|
def handle(params, response)
|
|
lang = params["lang"]
|
|
response.headers["X-Forwarded-By"] = strip_crlf(lang)
|
|
end
|