Correct escaping of double qouting for PowerShell

ericcornelissen · ericcornelissen · commit ec2e2f7294ad · 2026-04-04T18:59:06.000+02:00
As identified by differential testing (see [1]), this fixes escaping of double quoting. In particular for cases like `"\\"` in which the first `"` prevented the regular expression from matching the second `"` due to the first capturing group in `backslashQuote`. This is fixed using the marker technique introduced in [2]. To prevent regressions various unit test fixtures for this and similar cases were added. [1]: cc1076d [2]: 0f38a42
diff --git a/src/internal/win/powershell.js b/src/internal/win/powershell.js
@@ -22,7 +22,9 @@ export function getEscapeFunction() {
   const whitespace = new RegExp("([\\s\u0085])", "g");
   const whitespacePrefix = new RegExp("^[\\s\u0085]+");
 
-  const backslashQuote = new RegExp('(^|[^\\\\])(\\\\*)("+)', "g");
+  const quote = new RegExp('"', "g");
+  const backslashBeforeQuote = new RegExp("(^|[^\\\\])(\\\\*)\0", "g");
+
   const backslashSuffix = new RegExp("([^\\\\])(\\\\+)$");
 
   return (arg) => {
@@ -36,16 +38,13 @@ export function getEscapeFunction() {
 
     if (whitespace.test(arg.replace(whitespacePrefix, ""))) {
       arg = arg
-        .replace(
-          backslashQuote,
-          (_, $1, $2, $3) => `${$1}${$2}${$2}${'`"`"'.repeat($3.length)}`,
-        )
+        .replace(quote, '\0`"`"')
+        .replace(backslashBeforeQuote, "$1$2$2")
         .replace(backslashSuffix, "$1$2$2");
     } else {
-      arg = arg.replace(
-        backslashQuote,
-        (_, $1, $2, $3) => `${$1}${$2}${$2}${'\\`"'.repeat($3.length)}`,
-      );
+      arg = arg
+        .replace(quote, '\0\\`"')
+        .replace(backslashBeforeQuote, "$1$2$2");
     }
 
     arg = arg.replace(whitespace, "`$1");
@@ -66,24 +65,21 @@ function getQuoteEscapeFunction() {
 
   const whitespace = new RegExp("[\\s\u0085]");
 
-  const backslashQuote = new RegExp('(^|[^\\\\])(\\\\*)("+)', "g");
+  const quote = new RegExp('"', "g");
+  const backslashBeforeQuote = new RegExp("(^|[^\\\\])(\\\\*)\0", "g");
+
   const backslashSuffix = new RegExp("([^\\\\])(\\\\+)$");
 
   return (arg) => {
     arg = arg.replace(controls, "").replace(crs, "$1").replace(quotes, "$1$1");
 
     if (whitespace.test(arg)) {
       arg = arg
-        .replace(
-          backslashQuote,
-          (_, $1, $2, $3) => `${$1}${$2}${$2}${'""'.repeat($3.length)}`,
-        )
+        .replace(quote, '\0""')
+        .replace(backslashBeforeQuote, "$1$2$2")
         .replace(backslashSuffix, "$1$2$2");
     } else {
-      arg = arg.replace(
-        backslashQuote,
-        (_, $1, $2, $3) => `${$1}${$2}${$2}${'\\"'.repeat($3.length)}`,
-      );
+      arg = arg.replace(quote, '\0\\"').replace(backslashBeforeQuote, "$1$2$2");
     }
 
     return arg;
diff --git a/test/fixtures/win.js b/test/fixtures/win.js
@@ -3002,6 +3002,10 @@ export const escape = {
         input: 'a\\"b',
         expected: 'a\\\\\\`"b',
       },
+      {
+        input: 'a\\\\"b',
+        expected: 'a\\\\\\\\\\`"b',
+      },
       {
         input: 'a\\"b\\"c',
         expected: 'a\\\\\\`"b\\\\\\`"c',
@@ -3014,6 +3018,10 @@ export const escape = {
         input: '\\"a',
         expected: '\\\\\\`"a',
       },
+      {
+        input: '"\\"',
+        expected: '\\`"\\\\\\`"',
+      },
     ],
     "double quotes ('\"') + whitespace": [
       {
@@ -5304,6 +5312,22 @@ export const quote = {
         input: 'a\\\\"b',
         expected: "'a\\\\\\\\\\\"b'",
       },
+      {
+        input: 'a\\"b\\"c',
+        expected: "'a\\\\\\\"b\\\\\\\"c'",
+      },
+      {
+        input: 'a\\"',
+        expected: "'a\\\\\\\"'",
+      },
+      {
+        input: '\\"a',
+        expected: "'\\\\\\\"a'",
+      },
+      {
+        input: '"\\"',
+        expected: "'\\\"\\\\\\\"'",
+      },
     ],
     "double quotes ('\"') + whitespace": [
       {
diff --git a/test/unit/win/differential.test.js b/test/unit/win/differential.test.js
@@ -10,6 +10,8 @@ import * as fc from "fast-check";
 import * as old from "../../../node_modules/shescape-previous/src/internal/win/powershell.js";
 import * as upd from "../../../src/internal/win/powershell.js";
 
+const numRuns = 5_000_000;
+
 testProp(
   "escape functionality is unchanged",
   [fc.string()],
@@ -21,7 +23,7 @@ testProp(
     const want = oldFn(arg);
     t.is(got, want);
   },
-  { numRuns: 1_000_000 },
+  { numRuns },
 );
 
 testProp(
@@ -35,7 +37,7 @@ testProp(
     const want = oldFn[0](oldFn[1](arg));
     t.is(got, want);
   },
-  { numRuns: 1_000_000 },
+  { numRuns },
 );
 
 testProp(
@@ -49,5 +51,5 @@ testProp(
     const want = oldFn(arg);
     t.is(got, want);
   },
-  { numRuns: 1_000_000 },
+  { numRuns },
 );
