Browse Source

json: escape strings we output in JSON.

We're going to output description strings, which are untrusted.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
ppa-0.6.1
Rusty Russell 7 years ago
parent
commit
02c1d10c9f
  1. 11
      common/json.c

11
common/json.c

@ -412,8 +412,17 @@ void json_add_literal(struct json_result *result, const char *fieldname,
void json_add_string(struct json_result *result, const char *fieldname, const char *value) void json_add_string(struct json_result *result, const char *fieldname, const char *value)
{ {
char *escaped = tal_arr(result, char, strlen(value) * 2 + 1);
size_t i, n;
json_start_member(result, fieldname); json_start_member(result, fieldname);
result_append_fmt(result, "\"%s\"", value); for (i = n = 0; value[i]; i++) {
if (value[i] == '\\' || value[i] == '"')
escaped[n++] = '\\';
escaped[n++] = value[i];
}
escaped[n] = '\0';
result_append_fmt(result, "\"%s\"", escaped);
} }
void json_add_bool(struct json_result *result, const char *fieldname, bool value) void json_add_bool(struct json_result *result, const char *fieldname, bool value)

Loading…
Cancel
Save