vincenzopalazzo
/
rgb-cln
1
0
Fork 0
Code Issues 1 Pull Requests Packages Projects Releases Wiki Activity

json: escape strings we output in JSON. 

We're going to output description strings, which are untrusted.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
This commit is contained in:
Rusty Russell 2017-10-26 13:32:19 +10:30
parent a02ca46b03
commit 02c1d10c9f
1 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
common/json.c
View File

@ -412,8 +412,17 @@ void json_add_literal(struct json_result *result, const char *fieldname,
void json_add_string(struct json_result *result, const char *fieldname, const char *value)
{
char *escaped = tal_arr(result, char, strlen(value) * 2 + 1);
size_t i, n;
json_start_member(result, fieldname);
result_append_fmt(result, "\"%s\"", value);
for (i = n = 0; value[i]; i++) {
if (value[i] == '\\' || value[i] == '"')
escaped[n++] = '\\';
escaped[n++] = value[i];
}
escaped[n] = '\0';
result_append_fmt(result, "\"%s\"", escaped);
}
void json_add_bool(struct json_result *result, const char *fieldname, bool value)