Sanitize control codes in JSON code.

author: default <nobody@localhost> 2023-03-07 09:56:16 +0100
committer: default <nobody@localhost> 2023-03-07 09:56:16 +0100
commit: 2250ad702723a50afd93def3735fcfe854701aa3 (patch)
tree: 44c34fbf2ff7f0d93ece6c5c842cdbd27eb498f3 /xs_json.h
parent: 23177e93954951a85af85d579db269372c9eae93 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/xs_json.h b/xs_json.h
index 9b700a2..36a0665 100644
--- a/xs_json.h
+++ b/xs_json.h
@@ -260,6 +260,10 @@ static xs_val *_xs_json_loads_lexer(const char **json, js_type *t)
                     else
                         cp = i;
 
+                    /* replace dangerous control codes with the replacement char */
+                    if (cp >= '\0' && cp < ' ' && !strchr("\r\n\t", cp))
+                        cp = 0xfffd;
+
                     v = xs_utf8_enc(v, cp);
                     c = '\0';
author	default <nobody@localhost>	2023-03-07 09:56:16 +0100
committer	default <nobody@localhost>	2023-03-07 09:56:16 +0100
commit	2250ad702723a50afd93def3735fcfe854701aa3 (patch)
tree	44c34fbf2ff7f0d93ece6c5c842cdbd27eb498f3 /xs_json.h
parent	23177e93954951a85af85d579db269372c9eae93 (diff)