Open arnecs opened 7 months ago
toJSON does not escape control characters and allows for JSON injection.
WITH "\\" as backslash, "\"" as quote RETURN backslash, toJSON(backslash), quote, toJSON(quote)
1) 1) "backslash"
   2) "toJSON(backslash)"
   3) "quote"
   4) "toJSON(quote)"
2) 1) 1) "\"
      2) ""\""
      3) """
      4) """""
Expected result would escape the backslash and quote characters
2) 1) 1) "\"
      2) ""\\""
      3) """
      4) ""\"""
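A regression check for the behaviour reported above, added here as an example and not taken from the issue or from the project's code. `naive_to_json` is a hypothetical model of the reported output (quotes added, nothing escaped), `escape_json_string` follows the RFC 8259 string rules, and the sample values are constructed.

```python
import json

def naive_to_json(s: str) -> str:
    """Hypothetical model of the reported behaviour: wrap in quotes, escape nothing."""
    return '"' + s + '"'

# Two-character escapes defined by RFC 8259 section 7.
_SHORT = {'"': '\\"', '\\': '\\\\', '\b': '\\b', '\f': '\\f',
          '\n': '\\n', '\r': '\\r', '\t': '\\t'}

def escape_json_string(s: str) -> str:
    """Encode s as a JSON string: escape quote, backslash and U+0000..U+001F."""
    out = ['"']
    for ch in s:
        if ch in _SHORT:
            out.append(_SHORT[ch])
        elif ord(ch) < 0x20:
            out.append('\\u%04x' % ord(ch))  # remaining control characters
        else:
            out.append(ch)
    out.append('"')
    return ''.join(out)

def round_trips(encode, value: str) -> bool:
    """True only if a strict parser recovers exactly the original string."""
    try:
        return json.loads(encode(value)) == value
    except json.JSONDecodeError:
        return False

# Constructed inputs: the two values from the report, control characters,
# and a value whose quote would end the string early.
SAMPLES = ['\\', '"', 'line1\nline2', '\x00\x1f', 'a","b":"c']

def failures(encode):
    """Return the samples that do not survive encode -> parse unchanged."""
    return [v for v in SAMPLES if not round_trips(encode, v)]

if __name__ == '__main__':
    for v in SAMPLES:
        print(repr(v), naive_to_json(v), escape_json_string(v))
    print('unescaped failures:', failures(naive_to_json))
    print('escaped failures:  ', failures(escape_json_string))
```

The same round-trip assertion can be run against the actual `toJSON` output for each sample to confirm a fix.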