Fixed a bug in the sanitizer

This commit is contained in:
jos 2017-07-13 21:01:52 +02:00
parent 3e4c975b70
commit 524d00e15e
2 changed files with 19 additions and 12 deletions

View File

@ -95,28 +95,26 @@ exports.sanitize = function (jsString) {
while (i < jsString.length && c !== quote) {
if (c === '"' && prev() !== '\\') {
// unescaped double quote, escape it
chars.push('\\');
chars.push('\\"');
}
// replace unescaped control characters with escaped ones
if (controlChars.hasOwnProperty(c)) {
else if (controlChars.hasOwnProperty(c)) {
// replace unescaped control characters with escaped ones
chars.push(controlChars[c])
i++;
c = curr();
}
// handle escape character
if (c === '\\') {
else if (c === '\\') {
// remove the escape character when followed by a single quote ', not needed
i++;
c = curr();
// remove the escape character when followed by a single quote ', not needed
if (c !== '\'') {
chars.push('\\');
}
chars.push(c);
}
else {
// regular character
chars.push(c);
}
chars.push(c);
i++;
c = curr();
}

View File

@ -30,6 +30,15 @@ describe('util', function () {
assert.equal(util.sanitize('"foo\\\'bar"'), '"foo\'bar"');
});
it('should escape unescaped control characters', function () {
assert.equal(util.sanitize('"hello\bworld"'), '"hello\\bworld"')
assert.equal(util.sanitize('"hello\fworld"'), '"hello\\fworld"')
assert.equal(util.sanitize('"hello\nworld"'), '"hello\\nworld"')
assert.equal(util.sanitize('"hello\rworld"'), '"hello\\rworld"')
assert.equal(util.sanitize('"hello\tworld"'), '"hello\\tworld"')
assert.equal(util.sanitize('{"value\n": "dc=hcm,dc=com"}'), '{"value\\n": "dc=hcm,dc=com"}')
})
it('remove comments', function () {
assert.equal(util.sanitize('/* foo */ {}'), ' {}');
assert.equal(util.sanitize('/* foo */ {}'), ' {}');