From 4fc147a3af643900e428667b4bced3a57abb3da9 Mon Sep 17 00:00:00 2001 From: Will Jordan Date: Thu, 26 Sep 2024 14:02:40 -0700 Subject: [PATCH] Replace JSON11-produced hex escape codes with unicode escape codes JSON11.stringify produces JSON5 documents with hex escape codes (`\x1b`), which aren't standard JSON and cause `JSON.parse` to error. When using JSON11, replace all `\xXX` escape codes with the JSON-compatible equivalent Unicode escape codes (`\u00XX`). Fixes opensearch-project/OpenSearch-Dashboards#7367. --- lib/Serializer.js | 3 ++- test/unit/serializer.test.js | 7 +++++++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/lib/Serializer.js b/lib/Serializer.js index 2636a53d0..ecdb361f2 100644 --- a/lib/Serializer.js +++ b/lib/Serializer.js @@ -37,6 +37,7 @@ const kJsonOptions = Symbol('secure json parse options'); const JSON11 = require('json11'); const isBigIntSupported = typeof BigInt !== 'undefined'; +const hexEscapeRegex = /\\x([0-9A-Fa-f]{2})/g; class Serializer { constructor(opts = {}) { @@ -81,7 +82,7 @@ class Serializer { quote: '"', quoteNames: true, }); - if (temp) json = temp; + if (temp) json = temp.replace(hexEscapeRegex, (_, c) => "\\u00".append(c)); } catch (ex) { // Do nothing: JSON.stringify succeeded but JSON11.stringify failed; return the // JSON.stringify result. diff --git a/test/unit/serializer.test.js b/test/unit/serializer.test.js index 1773fce07..827bb29cb 100644 --- a/test/unit/serializer.test.js +++ b/test/unit/serializer.test.js @@ -271,3 +271,10 @@ test('disable prototype poisoning protection only for constructor', (t) => { t.fail(err); } }); + +test('Long numerals and ANSI escape sequences', (t) => { + t.plan(1); + const s = new Serializer({ enableLongNumeralSupport: true }); + const obj = {message: "hello \u001b[38;7;2mworld\u001b[0m", value: BigInt(Number.MAX_SAFE_INTEGER) * 2n}; + t.same(s.deserialize(s.serialize(obj)), obj); +})