From a9e2f73089cf03f926c20f5c0a84124f358293f6 Mon Sep 17 00:00:00 2001
From: jos
Date: Thu, 13 Jul 2017 21:01:52 +0200
Subject: [PATCH] Fixed a bug in the sanitizer
---
 src/js/util.js | 22 ++++++++++------------
 test/util.test.js | 9 +++++++++
 2 files changed, 19 insertions(+), 12 deletions(-)
diff --git a/src/js/util.js b/src/js/util.js
index 03eba0d..a016ad4 100644
--- a/src/js/util.js
+++ b/src/js/util.js
@@ -95,28 +95,26 @@ exports.sanitize = function (jsString) {
 while (i < jsString.length && c !== quote) {
 if (c === '"' && prev() !== '\\') {
 // unescaped double quote, escape it
- chars.push('\\');
+ chars.push('\\"');
 }
-
- // replace unescaped control characters with escaped ones
- if (controlChars.hasOwnProperty(c)) {
+ else if (controlChars.hasOwnProperty(c)) {
+ // replace unescaped control characters with escaped ones
 chars.push(controlChars[c])
- i++;
- c = curr();
 }
-
- // handle escape character
- if (c === '\\') {
+ else if (c === '\\') {
+ // remove the escape character when followed by a single quote ', not needed
 i++;
 c = curr();
-
- // remove the escape character when followed by a single quote ', not needed
 if (c !== '\'') {
 chars.push('\\');
 }
+ chars.push(c);
+ }
+ else {
+ // regular character
+ chars.push(c);
 }
- chars.push(c);
 i++;
 c = curr();
 }
diff --git a/test/util.test.js b/test/util.test.js
index 8304618..24272bc 100644
--- a/test/util.test.js
+++ b/test/util.test.js
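Review bot: In src/js/util.js the first branch still tests `prev() !== '\\'`, and with the new else-if chain that check looks wrong for a double quote that follows an escaped backslash. The `c === '\\'` branch now consumes a backslash together with the character it escapes, so any `"` that reaches the top of the loop is unescaped. If prev() returns the character before `i` (its definition is outside the hunk), a single-quoted input with `\\` directly before `"` skips the escaping and the final `else` emits the quote bare, which would end the output string early. I would change the condition to `if (c === '"') {` and add a test for that input. The enclosing function starts and ends outside the hunk.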
@@ -30,6 +30,15 @@ describe('util', function () {
 assert.equal(util.sanitize('"foo\\\'bar"'), '"foo\'bar"');
 });
+ it('should escape unescaped control characters', function () {
+ assert.equal(util.sanitize('"hello\bworld"'), '"hello\\bworld"')
+ assert.equal(util.sanitize('"hello\fworld"'), '"hello\\fworld"')
+ assert.equal(util.sanitize('"hello\nworld"'), '"hello\\nworld"')
+ assert.equal(util.sanitize('"hello\rworld"'), '"hello\\rworld"')
+ assert.equal(util.sanitize('"hello\tworld"'), '"hello\\tworld"')
+ assert.equal(util.sanitize('{"value\n": "dc=hcm,dc=com"}'), '{"value\\n": "dc=hcm,dc=com"}')
+ })
+
 it('remove comments', function () {
 assert.equal(util.sanitize('/* foo */ {}'), ' {}');
 assert.equal(util.sanitize('/* foo */ {}'), ' {}');
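Review bot: The added cases in this hunk cover only the control-character branch; none of them exercises the other line the commit changes, `chars.push('\\"')`, and all six inputs are double-quoted. One more assertion with a single-quoted input that contains a bare double quote would pin that path; its expected output depends on code outside this hunk, so it is not spelled out here. The new statements also drop the trailing semicolons that the surrounding tests use, for example `})` closing the new `it` block where the neighbouring block ends with `});`.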