author | Moonchild <moonchild@palemoon.org> | 2022-01-14 11:52:47 +0000 |
---|---|---|
committer | Moonchild <moonchild@palemoon.org> | 2022-04-08 15:03:43 +0200 |
commit | ab5f44b61d054a29a34f6ff1bbdf0671395bbf61 (patch) | |
tree | 9620915b11ab44217ca2bfdf525d16a84f0517c7 | |
parent | c332210793209d75c870ea92236eb4ecbeedafa5 (diff) | |
download | uxp-ab5f44b61d054a29a34f6ff1bbdf0671395bbf61.tar.gz |
[devtools] Escape backtick characters
-rw-r--r-- | devtools/client/shared/curl.js | 27 |
1 files changed, 18 insertions, 9 deletions
diff --git a/devtools/client/shared/curl.js b/devtools/client/shared/curl.js index 54cdc05cbf..f514ae1d74 100644 --- a/devtools/client/shared/curl.js +++ b/devtools/client/shared/curl.js @@ -8,6 +8,7 @@ * Copyright (C) 2008, 2009 Anthony Ricaud <rik@webkit.org> * Copyright (C) 2011 Google Inc. All rights reserved. * Copyright (C) 2009 Mozilla Foundation. All rights reserved. + * Copyright (C) 2022 Moonchild Productions. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -400,9 +401,15 @@ const CurlUtils = { */ escapeStringWin: function (str) { /* - Replace dollar sign because of commands (e.g $(cmd.exe)) in
- powershell when using double quotes.
- Useful details http://www.rlmueller.net/PowerShellEscape.htm + Replace the backtick character ` with `` in order to escape it. + The backtick character is an escape character in PowerShell and + can, among other things, be used to disable the effect of some + of the other escapes created below. + + Replace dollar sign because of commands in powershell when using + double quotes. e.g $(calc.exe). + + Also see http://www.rlmueller.net/PowerShellEscape.htm for details. Replace quote by double quote (but not by \") because it is recognized by both cmd.exe and MS Crt arguments parser. @@ -416,13 +423,15 @@ const CurlUtils = { MS Crt arguments parser won't collapse them. Replace new line outside of quotes since cmd.exe doesn't let - to do it inside. + us do it inside. */ - return "\"" + str.replace(/\$/g, "`$")
- .replace(/"/g, "\"\"") - .replace(/%/g, "\"%\"") - .replace(/\\/g, "\\\\") - .replace(/[\r\n]+/g, "\"^$&\"") + "\""; + return "\"" + + str.replaceAll("`", "``") + .replaceAll("$", "`$") + .replaceAll('"', '""') + .replaceAll("%", '"%"') + .replace(/\\/g, "\\\\") + .replace(/[\r\n]+/g, "\"^$&\"") + "\""; } }; |
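Review bot: The first two steps of the new `return` chain depend on their order, and neither the code nor the reworded comment says so. Backticks have to be doubled before `$` is prefixed with a backtick; otherwise the backticks inserted by the `$` step would themselves be doubled and the dollar sign would end up unescaped again. A one-line comment above the chain would keep a later reorder from silently undoing the fix, e.g. `// Escape backticks first; the "$" step below inserts backticks that must stay single.` The diffstat lists only curl.js, so nothing visible pins this behaviour; a regression test whose input places a backtick directly before `$` and before `"` would be the case to cover. The body of `escapeStringWin` spans this hunk and the previous one, and the middle of its comment lies outside both.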