- Add backslash escaping before quote escaping in oneline() function

- Prevents incomplete string escaping vulnerability - Resolves CodeQL alert: https://github.com/prompt-security/clawsec/security/code-scanning/16
2026-06-21 09:21:21 +03:00 · 2026-02-16 16:14:57 +02:00
parent da01c31de1
commit fe08566ada
1 changed files with 1 additions and 0 deletions
@@ -52,6 +52,7 @@ function envOrEmpty(name) {
 function oneline(v) {
  return String(v ?? "")
    .replace(/[\r\n]+/g, " ")
+    .replace(/\\/g, "\\\\")
    .replace(/"/g, "\\\"")
    .trim();
 }