mirror of
https://github.com/tiennm99/ccs.git
synced 2026-07-16 14:16:43 +00:00
fix(shell): escape cmd.exe special chars (%, ^, newlines)
Additional hardening for Windows shell escaping: - Escape % as %% to prevent variable expansion - Escape ^ as ^^ to prevent escape sequence interpretation - Replace newlines/tabs with space to prevent parsing errors
This commit is contained in:
@@ -21,7 +21,16 @@ export function escapeShellArg(arg: string): string {
|
||||
if (isWindows) {
|
||||
// cmd.exe: Use double quotes, escape inner double quotes with backslash
|
||||
// cmd.exe interprets "" as escaped double quote inside quoted string
|
||||
return '"' + String(arg).replace(/"/g, '""') + '"';
|
||||
// Strip newlines/tabs that can break cmd.exe parsing
|
||||
return (
|
||||
'"' +
|
||||
String(arg)
|
||||
.replace(/[\r\n\t]/g, ' ') // Replace newlines/tabs with space
|
||||
.replace(/%/g, '%%') // Escape percent signs
|
||||
.replace(/\^/g, '^^') // Escape carets
|
||||
.replace(/"/g, '""') + // Escape quotes
|
||||
'"'
|
||||
);
|
||||
} else {
|
||||
// Unix/macOS: Double quotes with escaped inner quotes
|
||||
return '"' + String(arg).replace(/"/g, '\\"') + '"';
|
||||
|
||||
Reference in New Issue
Block a user