From 944a2437531475608215f389b1298a0efba15316 Mon Sep 17 00:00:00 2001
From: Jakob Ackermann <jakob.ackermann@overleaf.com>
Date: Mon, 3 May 2021 11:57:48 +0100
Subject: [PATCH] [AspellWorker] sanitize user input before writing it to the
 worker pipe

---
 services/spelling/app/js/ASpellWorker.js | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/services/spelling/app/js/ASpellWorker.js b/services/spelling/app/js/ASpellWorker.js
index 702d03e1d9..ff4debd034 100644
--- a/services/spelling/app/js/ASpellWorker.js
+++ b/services/spelling/app/js/ASpellWorker.js
@@ -233,6 +233,8 @@ class ASpellWorker {
   }
 
   sendCommand(command) {
+    // Sanitize user input. Reject line feed characters.
+    command = command.replace(/[\r\n]/g, '')
     return this.pipe.stdin.write(command + '\n')
   }
 }