From 1aed588743a3157221dca2129c74c53604cf7eaf Mon Sep 17 00:00:00 2001
From: Peter Steinberger
Date: Mon, 19 Jan 2026 15:06:57 +0000
Subject: [PATCH] fix: sanitize windows argv control chars
---
 src/cli/run-main.ts | 13 +++++++++++--
 src/entry.ts | 13 +++++++++++--
 2 files changed, 22 insertions(+), 4 deletions(-)
diff --git a/src/cli/run-main.ts b/src/cli/run-main.ts
index 39e526982..ff12ecfbb 100644
--- a/src/cli/run-main.ts
+++ b/src/cli/run-main.ts
@@ -51,9 +51,18 @@ export async function runCli(argv: string[] = process.argv) {
 function stripWindowsNodeExec(argv: string[]): string[] {
 if (process.platform !== "win32") return argv;
+ const stripControlChars = (value: string): string => {
+ let out = "";
+ for (let i = 0; i < value.length; i += 1) {
+ const code = value.charCodeAt(i);
+ if (code >= 32 && code !== 127) {
+ out += value[i];
+ }
+ }
+ return out;
+ };
 const normalizeArg = (value: string): string =>
- value
- .replace(/[\u0000-\u001f\u007f]/g, "")
+ stripControlChars(value)
 .replace(/^['"]+|['"]+$/g, "")
 .trim();
 const normalizeCandidate = (value: string): string =>
diff --git a/src/entry.ts b/src/entry.ts
index 498a99592..9d3bd6dd0 100644
--- a/src/entry.ts
+++ b/src/entry.ts
@@ -60,9 +60,18 @@ function ensureExperimentalWarningSuppressed(): boolean {
 function normalizeWindowsArgv(argv: string[]): string[] {
 if (process.platform !== "win32") return argv;
 if (argv.length < 3) return argv;
+ const stripControlChars = (value: string): string => {
+ let out = "";
+ for (let i = 0; i < value.length; i += 1) {
+ const code = value.charCodeAt(i);
+ if (code >= 32 && code !== 127) {
+ out += value[i];
+ }
+ }
+ return out;
+ };
 const normalizeArg = (value: string): string =>
- value
- .replace(/[\u0000-\u001f\u007f]/g, "")
+ stripControlChars(value)
 .replace(/^['"]+|['"]+$/g, "")
 .trim();
 const normalizeCandidate = (value: string): string =>
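Review bot: `stripControlChars` is added as a closure inside `stripWindowsNodeExec` and again, character for character, inside `normalizeWindowsArgv` in src/entry.ts, so the two argv sanitizers can drift apart the next time only one of them is edited. Move it to a single module-level helper that both files import, and give it a comment stating its contract, for example `// Drops C0 controls (U+0000–U+001F) and DEL (U+007F); same set as the regex it replaces.` As far as the visible lines show, the loop removes exactly the code units that the removed `.replace(/[\u0000-\u001f\u007f]/g, "")` did, so the comment should also say why the loop form is preferred (presumably to keep control characters out of a regex literal). `stripWindowsNodeExec` continues past the end of the hunk.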
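Review bot: In `normalizeArg` the quote strip `.replace(/^['"]+|['"]+$/g, "")` runs before `.trim()`, so a quote that is separated from the string edge by whitespace survives: a value that ends in a quote, a space and a control character still ends in the quote after `stripControlChars`, the replace and the trim. Trimming on both sides of the quote strip closes that gap: `stripControlChars(value).trim().replace(/^['"]+|['"]+$/g, "").trim()`. The same chain appears in the src/cli/run-main.ts hunk and needs the same change. Whether such input reaches this path depends on the comparison code in `normalizeWindowsArgv`, which continues outside the hunk, so a test with a padded, quoted argument would confirm it.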