tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE
commit e53d1ca4562176038a2f16bc410f90177fb11a57
parent 9b9f5a14ae44195ef8eb6f41f223630b9f519d45
Author: Hubert Boma Manilla <hmanilla@mozilla.com>
Date:   Sat, 22 Nov 2025 19:39:28 +0000

Bug 1997018 - [devtools] Stop escaping Unicode control (non-printable) characters with caret(^) r=devtools-reviewers,nchevobbe

Escaping control (mostly non-printable) charaters, means that only the caret(^) used for the escape will be
included in the curl output and therefore the caret will be unexpectedly be escaping whatever character is after
the control character.
This patch stops escaping the unicode control characters.

Differential Revision: https://phabricator.services.mozilla.com/D270661

Diffstat:

Mdevtools/client/netmonitor/test/browser_net_curl-utils.js | 8++++++++


Mdevtools/client/shared/curl.js | 4+++-


2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/devtools/client/netmonitor/test/browser_net_curl-utils.js b/devtools/client/netmonitor/test/browser_net_curl-utils.js
@@ -360,6 +360,14 @@ function testEscapeStringWin() {
     '^\"query=evil^\n\n^\n\ncmd^\\^\" /c timeout /t 3 ^& calc.exe^\n\n^\n\n^\"',
     "The evil command is escaped properly"
   );
+
+  // Control characters https://www.ascii-code.com/characters/control-characters
+  const containsControlChars = " - \u0007 \u0010 \u0014 \u001B \x1a - ";
+  is(
+    CurlUtils.escapeStringWin(containsControlChars),
+    '^\" - \u0007 \u0010 \u0014 \u001b \u001a - ^\"',
+    "Control characters should not be escaped with ^."
+  );
 }
 
 async function createCurlData(selected, getLongString, requestData) {
diff --git a/devtools/client/shared/curl.js b/devtools/client/shared/curl.js
@@ -463,7 +463,9 @@ const CurlUtils = {
 
         // Then escape all characters we are not sure about with ^ to ensure it
         // gets to MS Crt parser safely.
-        .replace(/[^a-zA-Z0-9\s_\-:=+~\/.',?;()*`]/g, "^$&")
+        // Note: Also do not escape unicode control (C) non-printable characters 
+        // https://www.compart.com/en/unicode/category (this is captured with `\p{C}` and the `u` unicode flag)
+        .replace(/[^-a-zA-Z0-9\s_:=+~\/.',?;()*`\p{C}]/gu, "^$&")
 
         // The % character is special because MS Crt parser will try and look for
         // ENV variables and fill them in its place. We cannot escape them with %