From 2250ad702723a50afd93def3735fcfe854701aa3 Mon Sep 17 00:00:00 2001
From: default
Date: Tue, 7 Mar 2023 09:56:16 +0100
Subject: Sanitize control codes in JSON code.
---
 xs_json.h | 4 ++++
 1 file changed, 4 insertions(+)
(limited to 'xs_json.h')
diff --git a/xs_json.h b/xs_json.h
index 9b700a2..36a0665 100644
--- a/xs_json.h
+++ b/xs_json.h
@@ -260,6 +260,10 @@ static xs_val *_xs_json_loads_lexer(const char **json, js_type *t)
 else
 cp = i;
+ /* replace dangerous control codes with the replacement char */
+ if (cp >= '\0' && cp < ' ' && !strchr("\r\n\t", cp))
+ cp = 0xfffd;
+
 v = xs_utf8_enc(v, cp);
 c = '\0';
-- 
cgit v1.2.3
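Review bot: The added check does not replace code point 0, because `strchr("\r\n\t", cp)` also matches the literal's terminating NUL when `cp` is 0, so `!strchr(...)` is false and a zero code point (presumably from a `\u0000` escape) still reaches `xs_utf8_enc(v, cp)`. The `cp >= '\0'` bound suggests NUL was meant to be covered; spelling the exceptions out avoids the trap: `if (cp >= '\0' && cp < ' ' && cp != '\r' && cp != '\n' && cp != '\t')`. If xs string values are NUL-terminated (not visible here), an embedded NUL could silently truncate the decoded value, so this case deserves a test. The range also leaves DEL (0x7f) and the C1 controls (0x80–0x9f) untouched, which is worth a deliberate decision and a word in the comment. `_xs_json_loads_lexer` starts and ends outside the hunk, so whether raw control bytes outside this branch are filtered cannot be confirmed from here.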