Replace JSON11-produced hex escape codes with unicode escape codes

JSON11.stringify produces JSON5 documents with hex escape codes (`\x1b`), which aren't standard JSON and cause `JSON.parse` to error. When using JSON11, replace all `\xXX` escape codes with the JSON-compatible equivalent Unicode escape codes (`\u00XX`). Fixes opensearch-project/OpenSearch-Dashboards#7367.
wjordan · Sep 26, 2024 · 4fc147a · 4fc147a
1 parent f4f7758
commit 4fc147a
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 1 deletion.
diff --git a/lib/Serializer.js b/lib/Serializer.js
@@ -37,6 +37,7 @@ const kJsonOptions = Symbol('secure json parse options');
 const JSON11 = require('json11');
 
 const isBigIntSupported = typeof BigInt !== 'undefined';
+const hexEscapeRegex = /\\x([0-9A-Fa-f]{2})/g;
 
 class Serializer {
   constructor(opts = {}) {
@@ -81,7 +82,7 @@ class Serializer {
             quote: '"',
             quoteNames: true,
           });
-          if (temp) json = temp;
+          if (temp) json = temp.replace(hexEscapeRegex, (_, c) => "\\u00".append(c));
         } catch (ex) {
           // Do nothing: JSON.stringify succeeded but JSON11.stringify failed; return the
           // JSON.stringify result.

diff --git a/test/unit/serializer.test.js b/test/unit/serializer.test.js
@@ -271,3 +271,10 @@ test('disable prototype poisoning protection only for constructor', (t) => {
     t.fail(err);
   }
 });
+
+test('Long numerals and ANSI escape sequences', (t) => {
+  t.plan(1);
+  const s = new Serializer({ enableLongNumeralSupport: true });
+  const obj = {message: "hello \u001b[38;7;2mworld\u001b[0m", value: BigInt(Number.MAX_SAFE_INTEGER) * 2n};
+  t.same(s.deserialize(s.serialize(obj)), obj);
+})