Sanitize control codes in JSON code.

author: default 2023-03-07 09:56:16 +0100
committer: default 2023-03-07 09:56:16 +0100
commit: 2250ad702723a50afd93def3735fcfe854701aa3 (patch)
tree: 44c34fbf2ff7f0d93ece6c5c842cdbd27eb498f3
parent: is_msg_for_me() also accepts msgs where a followed is cc'ed. (diff)
download: penes-snac2-2250ad702723a50afd93def3735fcfe854701aa3.tar.gz
penes-snac2-2250ad702723a50afd93def3735fcfe854701aa3.tar.xz
penes-snac2-2250ad702723a50afd93def3735fcfe854701aa3.zip
2 files changed, 5 insertions, 8 deletions
diff --git a/format.c b/format.c
index 63e73f6..3763e65 100644
--- a/format.c
+++ b/format.c
@@ -179,15 +179,8 @@ d_char *sanitize(const char *content)
    xs *sl;
    int n = 0;
    char *p, *v;
-    xs *content2 = xs_dup(content);
-    /* strip dangerous control codes */
+    sl = xs_regex_split(content, "</?[^>]+>");
-    for (n = 0; content2[n]; n++) {
-        if (xs_type(&content2[n]) != XSTYPE_STRING)
-            content2[n] = ' ';
-    }
-    sl = xs_regex_split(content2, "</?[^>]+>");
    p = sl;
diff --git a/xs_json.h b/xs_json.h
index 9b700a2..36a0665 100644
--- a/xs_json.h
+++ b/xs_json.h
@@ -260,6 +260,10 @@ static xs_val *_xs_json_loads_lexer(const char **json, js_type *t)
                    else
                        cp = i;
+                    /* replace dangerous control codes with the replacement char */
+                    if (cp >= '\0' && cp < ' ' && !strchr("\r\n\t", cp))
+                        cp = 0xfffd;
                    v = xs_utf8_enc(v, cp);
                    c = '\0';
author	default	2023-03-07 09:56:16 +0100
committer	default	2023-03-07 09:56:16 +0100
commit	2250ad702723a50afd93def3735fcfe854701aa3 (patch)
tree	44c34fbf2ff7f0d93ece6c5c842cdbd27eb498f3
parent	is_msg_for_me() also accepts msgs where a followed is cc'ed. (diff)
download	penes-snac2-2250ad702723a50afd93def3735fcfe854701aa3.tar.gz penes-snac2-2250ad702723a50afd93def3735fcfe854701aa3.tar.xz penes-snac2-2250ad702723a50afd93def3735fcfe854701aa3.zip