commit 2250ad702723a50afd93def3735fcfe854701aa3
parent 23177e93954951a85af85d579db269372c9eae93
Author: default <nobody@localhost>
Date: Tue, 7 Mar 2023 09:56:16 +0100
Sanitize control codes in JSON code.
Diffstat:
2 files changed, 5 insertions(+), 8 deletions(-)
diff --git a/format.c b/format.c
@@ -179,15 +179,8 @@ d_char *sanitize(const char *content)
xs *sl;
int n = 0;
char *p, *v;
- xs *content2 = xs_dup(content);
- /* strip dangerous control codes */
- for (n = 0; content2[n]; n++) {
- if (xs_type(&content2[n]) != XSTYPE_STRING)
- content2[n] = ' ';
- }
-
- sl = xs_regex_split(content2, "</?[^>]+>");
+ sl = xs_regex_split(content, "</?[^>]+>");
p = sl;
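Review bot: With the stripping loop removed, sanitize() passes `content` to xs_regex_split() exactly as received, so it now depends on every caller supplying text that already went through the JSON lexer's control-code filter, and nothing here records that assumption. Content that reaches sanitize() by any other path (the callers are not visible in this hunk) would keep its control codes. I would add a comment above the split, for example `/* control codes were already replaced by the JSON loader; text from any other source must be filtered before it gets here */`. `int n = 0;` may now be unused if the removed loop was its only user; the function body continues past the hunk, so this needs checking there.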
diff --git a/xs_json.h b/xs_json.h
@@ -260,6 +260,10 @@ static xs_val *_xs_json_loads_lexer(const char **json, js_type *t)
else
cp = i;
+ /* replace dangerous control codes with the replacement char */
+ if (cp >= '\0' && cp < ' ' && !strchr("\r\n\t", cp))
+ cp = 0xfffd;
+
v = xs_utf8_enc(v, cp);
c = '\0';
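Review bot: The new check does not replace a NUL code point, because `strchr("\r\n\t", cp)` with `cp == 0` returns a pointer to the string's terminator rather than NULL, so `!strchr(...)` is false and a decoded `\u0000` reaches xs_utf8_enc() unchanged. An embedded NUL would presumably truncate the value for later C string handling. Explicit comparisons avoid this: `if (cp < ' ' && cp != '\r' && cp != '\n' && cp != '\t') cp = 0xfffd;`. The range also stops at 0x1f, so DEL (0x7f) and the C1 controls (0x80–0x9f) still pass; consider adding `|| (cp >= 0x7f && cp <= 0x9f)` if those should be filtered too. The check sits in only one branch of the lexer, and whether raw bytes and the short escapes take the same path cannot be seen from this hunk.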