From 6dd0764e91e73cb613231ef9a3d105ffd3251bfc Mon Sep 17 00:00:00 2001
From: Lennart kats
Date: Thu, 25 Jun 2015 10:47:30 +0000
Subject: [PATCH] Make sure generated tokens are never valid JavaScript

---
 node_modules/c9/uid.js | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/node_modules/c9/uid.js b/node_modules/c9/uid.js
index 51573ede..55eac7f2 100644
--- a/node_modules/c9/uid.js
+++ b/node_modules/c9/uid.js
@@ -8,5 +8,8 @@ module.exports = function(length) {
 .toString("base64")
 .replace(/[^a-zA-Z0-9]/g, "");
 }
- return uid.slice(0, length);
+ // HACK: make sure unique id is never syntactically valid JavaScript
+ // See http://balpha.de/2013/02/plain-text-considered-harmful-a-cross-domain-exploit/
+ uid = "9c" +uid.slice(0, length - 2);
+ return uid;
 };
\ No newline at end of file
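Review bot: `uid.slice(0, length - 2)` misbehaves for `length < 2`: a length of 2 returns the constant `"9c"` with no random characters at all, and a length of 1 makes the slice end negative, so the function returns a string longer than requested. Guard the argument before the prefix is applied, e.g. `if (!(length > 2)) throw new RangeError("uid length must be greater than 2");`, or document the minimum in a comment on the function. Callers sizing tokens should also be told that the fixed `"9c"` prefix costs two characters of randomness per token, so a 32-character id now carries only 30 random characters. The `"9c" +uid.slice(...)` spacing is inconsistent with the rest of the file; `"9c" + uid.slice(...)` reads better. The loop that builds `uid` starts before this hunk and is not visible here.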