From 4b52529eb964fd1e949ae60e2da70ac3a0db6a9c Mon Sep 17 00:00:00 2001
From: John MacFarlane <jgm@berkeley.edu>
Date: Fri, 9 Jan 2015 11:18:38 -0800
Subject: JS:  replace NUL characters with U+FFFD, as per spec.

---
 js/lib/blocks.js | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'js/lib/blocks.js')

diff --git a/js/lib/blocks.js b/js/lib/blocks.js
index 1e20d29..8f4776c 100644
--- a/js/lib/blocks.js
+++ b/js/lib/blocks.js
@@ -16,6 +16,10 @@ var isBlank = function(s) {
 // Convert tabs to spaces on each line using a 4-space tab stop.
 var detabLine = function(text) {
     "use strict";
+    if (text.indexOf('\0') !== -1) {
+        // replace NUL for security
+        text = text.replace(/\0/g, '\uFFFD');
+    }
     if (text.indexOf('\t') === -1) {
         return text;
     } else {
-- 
cgit v1.2.3