ansiescape: detect alternative escaped ESC encodings (2-digit octal, curly/8-digit unicode)#1929
Open
WatchTree-19 wants to merge 1 commit into
Open
ansiescape: detect alternative escaped ESC encodings (2-digit octal, curly/8-digit unicode)#1929WatchTree-19 wants to merge 1 commit into
WatchTree-19 wants to merge 1 commit into
Conversation
…0000001b) The Escaped detector only knew \033/\x1b/\u001b/\27/\e, so 2-digit octal, curly-brace unicode (JS/Rust/Swift/PHP) and 8-hex-digit unicode (Python) escapes of ESC evaded it while still un-escaping to a real control byte downstream. Add them to the command set + payloads. +regression test. Signed-off-by: WatchTree-19 <119982314+WatchTree-19@users.noreply.github.com>
jmartin-tech
self-requested a review
July 15, 2026 13:45
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
problem
ansiescape.Escapedflags escaped ANSI control sequences in model output (the "LLM output takes over your terminal" class), but its command set only covers\033/\x1b/�/\27/\e. several other escaped representations ofESCare missed, even though a downstream interpreter still un-escapes each of them into a real0x1bcontrol byte:\33- bash / Cprintf '\33[2J'\u{1b}- JavaScript / Rust / Swift / PHP\U0000001b- Python ("\U0000001b")each is a one-token change to the escaped sequence, so a model emitting terminal-takeover content in a JS/Python/shell context slips past the detector. verified against the current code:
\33[2J,\u{1b}[2J,\U0000001b[2Jall score0.0today.fix
add
\33,\u{1b},\U0000001btoESCAPED_COMMANDS, and add matching entries toESCAPED_PAYLOADSsoprobes.ansiescapealso elicits these encodings. no detector code change - it builds its substrings from these constants.tests
the existing
test_ansiescape_escaped_stringsnow also validates the new payloads (Escaped -> 1.0, Raw -> 0.0). addedtest_ansiescape_escaped_encoding_variantspinning the three previously-evading encodings, plus a benign control that stays0.0. all existing raw/escaped assertions still hold. black + ruff clean.found by reading the detector.