App names with double quotes (") not escaped in yabai queries #1489
Labels
bug
Something isn't working
Comments
|
Do you have a sample? The app name is pulled from what is shown in Activity Monitor and I didn't think those could contain quotes and such. |
|
This is a fresh macOS app created in Xcode. This can be reproduced by just setting the Display Name of a macOS app (or Since there's no sanitisation, yabai will thus return: |
koekeishiya
added a commit
that referenced
this issue
Oct 20, 2022
koekeishiya
added
addressed on master; not released
koekeishiya
removed
the
addressed on master; not released
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I've recently stumbled across an app with an app name containing double quotes, which caused
yabai -m query --windows --windowto output invalid json. From the source code here, it appears while app window titles are escaped, app names are not.This has consequences like being able to inject arbitrary data into queries, though I don't think there's much harm that can be done just from that alone.
The text was updated successfully, but these errors were encountered: