When pasting an unknown string into a string, if we decide to escape any characters, make sure we escape all characters#62982
Merged
CyrusNajmabadi merged 1 commit intodotnet:mainfrom Jul 27, 2022
Conversation
…any characters, make sure we escape all characters
ryzngard
approved these changes
Jul 27, 2022
Member
|
Nice! Thanks @CyrusNajmabadi for the quick fix! |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes #62969
The general issue here is that when text is being pasted in from an unknown source, we don't know what an escaped chunk like
""should mean. Should we escape the text again within the destination? or should we say that because it's a legal escape in teh destination taht we'll leave it alone? Previously we had the logic that we would leave it alone. However, this isn't great when you have a mix of quotes. e.g.This is the text on the clipboard:
[SuppressMessage("", "CA2013")]Here, we'll need to escape the quotes in
"CA2013"to make the destination legal. But if we're going to escape those, then we should realize that we should also escape""to""""(even though we technically don't have to). But escaping inconsistently is far worse as it basically means we're treating different parts of the pasted text differently instead of uniformly.