Fixed a bug in the sanitizer

jos 2017-07-13 21:01:52 +02:00
parent 3e4c975b70
commit 524d00e15e
2 changed files with 19 additions and 12 deletions


@ -95,28 +95,26 @@ exports.sanitize = function (jsString) {
while (i < jsString.length && c !== quote) { while (i < jsString.length && c !== quote) {
if (c === '"' && prev() !== '\\') { if (c === '"' && prev() !== '\\') {
// unescaped double quote, escape it // unescaped double quote, escape it
chars.push('\\'); chars.push('\\"');
} }
else if (controlChars.hasOwnProperty(c)) {
// replace unescaped control characters with escaped ones // replace unescaped control characters with escaped ones
if (controlChars.hasOwnProperty(c)) {
chars.push(controlChars[c]) chars.push(controlChars[c])
i++;
c = curr();
} }
else if (c === '\\') {
// handle escape character // remove the escape character when followed by a single quote ', not needed
if (c === '\\') {
i++; i++;
c = curr(); c = curr();
// remove the escape character when followed by a single quote ', not needed
if (c !== '\'') { if (c !== '\'') {
chars.push('\\'); chars.push('\\');
} }
chars.push(c);
}
else {
// regular character
chars.push(c);
} }
chars.push(c);
i++; i++;
c = curr(); c = curr();
} }
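Review bot: The `prev() !== '\\'` guard on the first branch still misclassifies a double quote that follows an escaped backslash, and the restructured chain makes the guard unnecessary. The new `else if (c === '\\')` branch pushes the escaped character itself, so any `"` that reaches the first branch is unescaped. In a single-quoted input whose raw characters are `'a\\"b'`, the quote is preceded by the second backslash of `\\`, falls through to the regular-character branch, and is emitted unescaped, so the result is not valid JSON. Assuming `prev()` returns the input character before `i` (it is defined outside this hunk, as is the rest of `sanitize`), the condition can be reduced to `if (c === '"') {`. A regression test for that input next to the new control-character tests would pin the behaviour.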


@ -30,6 +30,15 @@ describe('util', function () {
assert.equal(util.sanitize('"foo\\\'bar"'), '"foo\'bar"'); assert.equal(util.sanitize('"foo\\\'bar"'), '"foo\'bar"');
}); });
it('should escape unescaped control characters', function () {
assert.equal(util.sanitize('"hello\bworld"'), '"hello\\bworld"')
assert.equal(util.sanitize('"hello\fworld"'), '"hello\\fworld"')
assert.equal(util.sanitize('"hello\nworld"'), '"hello\\nworld"')
assert.equal(util.sanitize('"hello\rworld"'), '"hello\\rworld"')
assert.equal(util.sanitize('"hello\tworld"'), '"hello\\tworld"')
assert.equal(util.sanitize('{"value\n": "dc=hcm,dc=com"}'), '{"value\\n": "dc=hcm,dc=com"}')
})
it('remove comments', function () { it('remove comments', function () {
assert.equal(util.sanitize('/* foo */ {}'), ' {}'); assert.equal(util.sanitize('/* foo */ {}'), ' {}');
assert.equal(util.sanitize('/* foo */ {}'), ' {}'); assert.equal(util.sanitize('/* foo */ {}'), ' {}');