Potential fix for code scanning alert no. 6: Incomplete string escaping or encoding

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
2026-01-19 22:53:00 -05:00 · 2025-12-22 22:32:57 -08:00
parent 1b853a803d
commit 4be60d6218
1 changed files with 5 additions and 2 deletions
--- a/bin/init.js
+++ b/bin/init.js
@@ -597,8 +597,11 @@ export async function init(
    if (fs.existsSync(constantsPath)) {
      let constantsContent = fs.readFileSync(constantsPath, 'utf8');

-      // Helper function to escape single quotes in strings
-      const escapeString = (str) => str.replace(/'/g, "\\'");
+      // Helper function to escape backslashes and single quotes in strings
+      const escapeString = (str) =>
+        String(str)
+          .replace(/\\/g, '\\\\') // escape all backslashes
+          .replace(/'/g, "\\'");  // then escape single quotes

      // Helper function to safely replace constants with validation
      const safeReplace = (content, pattern, replacement, constantName) => {