Sanitize control characters in extracted transport messages

cursoragent · shrisukhani · cursoragent · commit 8e0105499ea8 · 2026-02-13T20:32:25.000Z
Co-authored-by: Shri Sukhani &lt;shrisukhani@users.noreply.github.com&gt;
diff --git a/hyperbrowser/transport/error_utils.py b/hyperbrowser/transport/error_utils.py
@@ -60,6 +60,13 @@ def _safe_to_string(value: Any) -> str:
     return f"<{type(value).__name__}>"
 
 
+def _sanitize_error_message_text(message: str) -> str:
+    return "".join(
+        "?" if ord(character) < 32 or ord(character) == 127 else character
+        for character in message
+    )
+
+
 def _normalize_request_method(method: Any) -> str:
     raw_method = method
     if isinstance(raw_method, bool):
@@ -129,9 +136,10 @@ def _normalize_request_url(url: Any) -> str:
 
 
 def _truncate_error_message(message: str) -> str:
-    if len(message) <= _MAX_ERROR_MESSAGE_LENGTH:
-        return message
-    return f"{message[:_MAX_ERROR_MESSAGE_LENGTH]}... (truncated)"
+    sanitized_message = _sanitize_error_message_text(message)
+    if len(sanitized_message) <= _MAX_ERROR_MESSAGE_LENGTH:
+        return sanitized_message
+    return f"{sanitized_message[:_MAX_ERROR_MESSAGE_LENGTH]}... (truncated)"
 
 
 def _stringify_error_value(value: Any, *, _depth: int = 0) -> str:
diff --git a/tests/test_transport_error_utils.py b/tests/test_transport_error_utils.py
@@ -765,6 +765,24 @@ def test_extract_error_message_sanitizes_control_characters_in_fallback_error_te
     assert message == "bad?fallback?text"
 
 
+def test_extract_error_message_sanitizes_control_characters_in_json_message():
+    message = extract_error_message(
+        _DummyResponse({"message": "bad\tjson\nmessage"}),
+        RuntimeError("fallback detail"),
+    )
+
+    assert message == "bad?json?message"
+
+
+def test_extract_error_message_sanitizes_control_characters_in_response_text_fallback():
+    message = extract_error_message(
+        _DummyResponse("   ", text="bad\tresponse\ntext"),
+        RuntimeError("fallback detail"),
+    )
+
+    assert message == "bad?response?text"
+
+
 def test_extract_error_message_extracts_errors_list_messages():
     message = extract_error_message(
         _DummyResponse({"errors": [{"msg": "first issue"}, {"msg": "second issue"}]}),
