Skip to content

fix: sanitize server-returned text to prevent ANSI escape injection#85

Open
bendavis-stripe wants to merge 1 commit intomainfrom
bendavis/fix-ansi-sanitation
Open

fix: sanitize server-returned text to prevent ANSI escape injection#85
bendavis-stripe wants to merge 1 commit intomainfrom
bendavis/fix-ansi-sanitation

Conversation

@bendavis-stripe
Copy link
Copy Markdown
Contributor

@bendavis-stripe bendavis-stripe commented May 7, 2026
edited
Loading

Summary

  • Adds sanitizeText() / sanitizeDeep() utilities using strip-ansi + control character stripping to prevent terminal escape sequence injection
  • Wraps all SDK resources at the factory level with a Proxy that automatically sanitizes all async return values — covers interactive (Ink), toon, yaml, md, and JSON output paths uniformly
  • Adds component-level and unit tests verifying escape sequences are stripped
  • Documents the sanitization approach in CLAUDE.md

Context

Server-returned string fields (e.g. merchant_name, line_items[].name) can contain ANSI escape sequences or control characters that manipulate terminal output during the approval flow. Sanitization is applied once at the resource factory boundary via sanitizeResource() — a Proxy wrapper that calls sanitizeDeep() on all async method return values. This means all consumers (interactive components, agent/JSON mode, toon format) get clean data without manual per-field wrapping.

Test plan

  • Unit tests for sanitizeText() and sanitizeDeep() covering CSI, OSC, carriage return, control chars, compound payloads, and nested objects
  • Component render tests for CreateSpendRequest, UpdateSpendRequest, RetrieveSpendRequest, and PaymentMethodsList using sanitizeResource-wrapped mocks
  • Typecheck passes
  • Biome lint passes

@bendavis-stripe bendavis-stripe requested a review from a team as a code owner May 7, 2026 21:24
@bendavis-stripe bendavis-stripe force-pushed the bendavis/fix-ansi-sanitation branch 5 times, most recently from 922ffed to 1943e4a Compare May 9, 2026 00:50
irace-stripe
irace-stripe reviewed May 9, 2026
View reviewed changes
Comment thread packages/cli/src/commands/demo/card-flow.tsx Outdated
@bendavis-stripe bendavis-stripe force-pushed the bendavis/fix-ansi-sanitation branch 3 times, most recently from f05b754 to 4fd8690 Compare May 9, 2026 01:47
@ben-davis @claude
fix: sanitize server-returned text to prevent ANSI escape injection
47f29b1 
Server-returned string fields (merchant_name, line_items[].name,
billing_address.*, payment method brand/nickname) are now sanitized
before rendering in Ink components using strip-ansi plus control
character stripping. This prevents terminal escape sequence injection
that could spoof the approval UI.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Committed-By-Agent: claude
@bendavis-stripe bendavis-stripe force-pushed the bendavis/fix-ansi-sanitation branch from 4fd8690 to 47f29b1 Compare May 9, 2026 02:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@irace-stripe irace-stripe irace-stripe approved these changes

@kreese-stripe kreese-stripe kreese-stripe approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@bendavis-stripe @irace-stripe @kreese-stripe @ben-davis