shell-quote
Advanced tools
Comparing version 1.7.2 to 1.7.3
@@ -7,2 +7,6 @@ # acorn-node change log | ||
## 1.7.3 | ||
* Fix a security issue where the regex for windows drive letters allowed some shell meta-characters | ||
to escape the quoting rules. (CVE-2021-42740) | ||
## 1.7.2 | ||
@@ -9,0 +13,0 @@ * Fix a regression introduced in 1.6.3. This reverts the Windows path quoting fix. ([144e1c2](https://github.com/substack/node-shell-quote/commit/144e1c20cd57549a414c827fb3032e60b7b8721c)) |
@@ -13,3 +13,3 @@ exports.quote = function (xs) { | ||
else { | ||
return String(s).replace(/([A-z]:)?([#!"$&'()*,:;<=>?@\[\\\]^`{|}])/g, '$1\\$2'); | ||
return String(s).replace(/([A-Za-z]:)?([#!"$&'()*,:;<=>?@\[\\\]^`{|}])/g, '$1\\$2'); | ||
} | ||
@@ -16,0 +16,0 @@ }).join(' '); |
{ | ||
"name": "shell-quote", | ||
"description": "quote and parse shell commands", | ||
"version": "1.7.2", | ||
"version": "1.7.3", | ||
"author": { | ||
@@ -6,0 +6,0 @@ "name": "James Halliday", |
@@ -43,1 +43,7 @@ var test = require('tape'); | ||
}) | ||
test("chars for windows paths don't break out", function (t) { | ||
var x = '`:\\a\\b' | ||
t.equal(quote([x]), '\\`\\:\\\\a\\\\b') | ||
t.end() | ||
}) |
Sorry, the diff of this file is not supported yet
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
22234
18
418