Skip to content

Commit 24f6f1a

Browse files
fix(local): strip C1 control characters and NEL in sanitize()
Extend sanitize() to cover the C1 range (0x80-0x9F) which includes raw 8-bit CSI/OSC/DCS introducers, and collapse NEL (U+0085) as a line break.
1 parent afb5416 commit 24f6f1a

1 file changed

Lines changed: 7 additions & 4 deletions

File tree

src/lib/formatters/local.ts

Lines changed: 7 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -4,13 +4,16 @@ import { blue, bold, cyan, green, muted, red, yellow } from "./colors.js";
44
import { stripAnsi } from "./plain-detect.js";
55

66
/**
7-
* Strip ANSI escapes, collapse newlines, and remove C0 control characters
7+
* Strip ANSI escapes, collapse newlines, and remove C0/C1 control characters
88
* so envelope fields can't inject fake log lines or terminal commands.
99
*/
1010
export function sanitize(text: string): string {
11-
const stripped = stripAnsi(text).replace(/[\r\n]+/g, " ");
12-
// biome-ignore lint/suspicious/noControlCharactersInRegex: stripping C0 control chars from untrusted envelope data
13-
return stripped.replace(/[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]/g, "");
11+
// Collapse CR, LF, and NEL (U+0085) which terminals treat as line breaks.
12+
const stripped = stripAnsi(text).replace(/[\r\n\x85]+/g, " ");
13+
// Strip C0 (0x00-0x1F, 0x7F) and C1 (0x80-0x9F) control characters.
14+
// C1 includes raw 8-bit CSI (0x9B), OSC (0x9D), and DCS (0x90) introducers.
15+
// biome-ignore lint/suspicious/noControlCharactersInRegex: stripping control chars from untrusted envelope data
16+
return stripped.replace(/[\x00-\x08\x0b\x0c\x0e-\x1f\x7f\x80-\x9f]/g, "");
1417
}
1518

1619
/** Canonical content type for Sentry envelopes. */

0 commit comments

Comments
 (0)