From 17497a15d02d2959ba30191d5ce7c8db44edc8ec Mon Sep 17 00:00:00 2001
From: Steven Levithan <steves_list@hotmail.com>
Date: Fri, 6 Sep 2024 04:58:12 +0200
Subject: [PATCH] Replace \u{0} with \x00 for sandboxed nulls

---
 src/utils.js | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/utils.js b/src/utils.js
index 862cde5..8c529bc 100644
--- a/src/utils.js
+++ b/src/utils.js
@@ -83,7 +83,7 @@ export function sandboxLoneCharClassCaret(str) {
 }
 
 /**
-Converts `\0` tokens to `\u{0}` in the given context.
+Converts `\0` tokens to `\x00` in the given context.
 @param {string} str
 @param {'DEFAULT' | 'CHAR_CLASS'} [context] `Context` option from lib `regex-utilities`
 @returns {string}
@@ -91,8 +91,8 @@ Converts `\0` tokens to `\u{0}` in the given context.
 export function sandboxUnsafeNulls(str, context) {
   // regex`[\0${0}]` and regex`[${pattern`\0`}0]` can't be guarded against via nested `[…]`
   // sandboxing in character classes if the interpolated value doesn't contain union (since it
-  // might be placed on a range boundary). So escape `\0` in character classes as `\u{0}`
-  return replaceUnescaped(str, String.raw`\\0(?!\d)`, '\\u{0}', context);
+  // might be placed on a range boundary). So escape `\0` in character classes as `\x00`
+  return replaceUnescaped(str, String.raw`\\0(?!\d)`, '\\x00', context);
 }
 
 // No special handling for escaped versions of the characters