Sanitize control codes in JSON code.

format.c

@@ -179,15 +179,8 @@ d_char *sanitize(const char *content)
     xs *sl;
     int n = 0;
     char *p, *v;
-    xs *content2 = xs_dup(content);
 
-    /* strip dangerous control codes */
+    sl = xs_regex_split(content, "</?[^>]+>");
-    for (n = 0; content2[n]; n++) {
-        if (xs_type(&content2[n]) != XSTYPE_STRING)
-            content2[n] = ' ';
-    }
-
-    sl = xs_regex_split(content2, "</?[^>]+>");
 
     p = sl;
 

xs_json.h

@@ -260,6 +260,10 @@ static xs_val *_xs_json_loads_lexer(const char **json, js_type *t)
                     else
                         cp = i;
 
+                    /* replace dangerous control codes with the replacement char */
+                    if (cp >= '\0' && cp < ' ' && !strchr("\r\n\t", cp))
+                        cp = 0xfffd;
+
                     v = xs_utf8_enc(v, cp);
                     c = '\0';