* Mask `{` characters that appear inside single- or double-quoted contexts. * Uses a single-pass bash-aware quote-state scanner instead of a regex. * * A naive regex (`/'[^']*'/g`) mis-detects spans when a `'` appears inside * a double-quoted string: for `echo "it's" {a'}',b}`, it matches from t
(cmd: string)
| 329 | * either is safe. Secondary defense: BRACE_EXPANSION_RE in walkArgument. |
| 330 | */ |
| 331 | function maskBracesInQuotedContexts(cmd: string): string { |
| 332 | // Fast path: no `{` → nothing to mask. Skips the char-by-char scan for |
| 333 | // the >90% of commands with no braces (`ls -la`, `git status`, etc). |
| 334 | if (!cmd.includes('{')) return cmd |
| 335 | const out: string[] = [] |
| 336 | let inSingle = false |
| 337 | let inDouble = false |
| 338 | let i = 0 |
| 339 | while (i < cmd.length) { |
| 340 | const c = cmd[i]! |
| 341 | if (inSingle) { |
| 342 | // Bash single quotes: no escapes, `'` always terminates. |
| 343 | if (c === "'") inSingle = false |
| 344 | out.push(c === '{' ? ' ' : c) |
| 345 | i++ |
| 346 | } else if (inDouble) { |
| 347 | // Bash double quotes: `\` escapes `"` and `\` (also `$`, backtick, |
| 348 | // newline — but those don't affect quote state so we let them pass). |
| 349 | if (c === '\\' && (cmd[i + 1] === '"' || cmd[i + 1] === '\\')) { |
| 350 | out.push(c, cmd[i + 1]!) |
| 351 | i += 2 |
| 352 | } else { |
| 353 | if (c === '"') inDouble = false |
| 354 | out.push(c === '{' ? ' ' : c) |
| 355 | i++ |
| 356 | } |
| 357 | } else { |
| 358 | // Unquoted: `\` escapes any next char. |
| 359 | if (c === '\\' && i + 1 < cmd.length) { |
| 360 | out.push(c, cmd[i + 1]!) |
| 361 | i += 2 |
| 362 | } else { |
| 363 | if (c === "'") inSingle = true |
| 364 | else if (c === '"') inDouble = true |
| 365 | out.push(c) |
| 366 | i++ |
| 367 | } |
| 368 | } |
| 369 | } |
| 370 | return out.join('') |
| 371 | } |
| 372 | |
| 373 | const DOLLAR = String.fromCharCode(0x24) |
| 374 |
no test coverage detected