File tree 1 file changed +4
-2
lines changed
1 file changed +4
-2
lines changed Original file line number Diff line number Diff line change @@ -15,15 +15,17 @@ function escapeArgument(arg, doubleEscapeMetaChars) {
1515 arg = `${ arg } ;
1616
1717 // Algorithm below is based on https://qntm.org/cmd
18+ // It's slightly altered to disable JS backtracking to avoid hanging on specially crafted input
19+ // Please see https://github.com/moxystudio/node-cross-spawn/pull/160 for more information
1820
1921 // Sequence of backslashes followed by a double quote:
2022 // double up all the backslashes and escape the double quote
21- arg = arg . replace ( / ( \\ * ) " / g, '$1$1\\"' ) ;
23+ arg = arg . replace ( / (? = \\ * ? ) " / g, '$1$1\\"' ) ;
2224
2325 // Sequence of backslashes followed by the end of the string
2426 // (which will become a double quote later):
2527 // double up all the backslashes
26- arg = arg . replace ( / ( \\ * ) $ / , '$1$1' ) ;
28+ arg = arg . replace ( / (? = \\ * ? ) $ / , '$1$1' ) ;
2729
2830 // All other backslashes occur literally
2931
You can’t perform that action at this time.
0 commit comments