Replace \u{0} with \x00 for sandboxed nulls

slevithan · Sep 6, 2024 · 17497a1 · 17497a1
1 parent 2c3c4ab
commit 17497a1
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/src/utils.js b/src/utils.js
@@ -83,16 +83,16 @@ export function sandboxLoneCharClassCaret(str) {
 }
 
 /**
-Converts `\0` tokens to `\u{0}` in the given context.
+Converts `\0` tokens to `\x00` in the given context.
 @param {string} str
 @param {'DEFAULT' | 'CHAR_CLASS'} [context] `Context` option from lib `regex-utilities`
 @returns {string}
 */
 export function sandboxUnsafeNulls(str, context) {
   // regex`[\0${0}]` and regex`[${pattern`\0`}0]` can't be guarded against via nested `[…]`
   // sandboxing in character classes if the interpolated value doesn't contain union (since it
-  // might be placed on a range boundary). So escape `\0` in character classes as `\u{0}`
-  return replaceUnescaped(str, String.raw`\\0(?!\d)`, '\\u{0}', context);
+  // might be placed on a range boundary). So escape `\0` in character classes as `\x00`
+  return replaceUnescaped(str, String.raw`\\0(?!\d)`, '\\x00', context);
 }
 
 // No special handling for escaped versions of the characters