aljaz/lightning
1
0
Fork 0
mirror of https://github.com/aljazceru/lightning.git synced 2025-12-19 15:14:23 +01:00
Code Issues Packages Projects Releases Wiki Activity

json: escape strings we output in JSON.

Browse Source 
We're going to output description strings, which are untrusted.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
This commit is contained in:
Rusty Russell
2017-10-26 13:32:19 +10:30
parent a02ca46b03
commit 02c1d10c9f
1 changed files with 10 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
common/json.c
View File

@@ -412,8 +412,17 @@ void json_add_literal(struct json_result *result, const char *fieldname,
void json_add_string(struct json_result *result, const char *fieldname, const char *value) void json_add_string(struct json_result *result, const char *fieldname, const char *value)
{ {
char *escaped = tal_arr(result, char, strlen(value) * 2 + 1);
size_t i, n;
json_start_member(result, fieldname); json_start_member(result, fieldname);
result_append_fmt(result, "\"%s\"", value); for (i = n = 0; value[i]; i++) {
if (value[i] == '\\' || value[i] == '"')
escaped[n++] = '\\';
escaped[n++] = value[i];
}
escaped[n] = '\0';
result_append_fmt(result, "\"%s\"", escaped);
} }
void json_add_bool(struct json_result *result, const char *fieldname, bool value) void json_add_bool(struct json_result *result, const char *fieldname, bool value)