From 9596c5d614eb58b507514c645da5d7017d20e36d Mon Sep 17 00:00:00 2001
From: Matthew Horan <matt@matthoran.com>
Date: Sun, 30 Dec 2012 13:45:23 -0500
Subject: [PATCH] Escape control characters in JSON strings

---
 src/JsonSerializer.cpp | 19 ++++++++-----------
 1 file changed, 8 insertions(+), 11 deletions(-)

diff --git a/src/JsonSerializer.cpp b/src/JsonSerializer.cpp
index 946d6c4a..28e9b3a7 100644
--- a/src/JsonSerializer.cpp
+++ b/src/JsonSerializer.cpp
@@ -84,14 +84,19 @@ void JsonSerializer::addMap(const QVariantMap &map) {
 
 QString JsonSerializer::sanitizeString(QString str) {
   str.replace("\\", "\\\\");
+  str.replace("\"", "\\\"");
+  str.replace("\b", "\\b");
+  str.replace("\f", "\\f");
+  str.replace("\n", "\\n");
+  str.replace("\r", "\\r");
+  str.replace("\t", "\\t");
 
-  // escape unicode chars
   QString result;
   const ushort* unicode = str.utf16();
   unsigned int i = 0;
 
   while (unicode[i]) {
-    if (unicode[i] < 128) {
+    if (unicode[i] > 31 && unicode[i] < 128) {
       result.append(unicode[i]);
     }
     else {
@@ -101,15 +106,7 @@ QString JsonSerializer::sanitizeString(QString str) {
     }
     ++i;
   }
-  str = result;
-
-  str.replace("\"", "\\\"");
-  str.replace("\b", "\\b");
-  str.replace("\f", "\\f");
-  str.replace("\n", "\\n");
-  str.replace("\r", "\\r");
-  str.replace("\t", "\\t");
 
-  return str;
+  return result;
 }