AdrianMachado
diff --git a/‎README.md‎
Lines changed: 5 additions & 3 deletions b/‎README.md‎
Lines changed: 5 additions & 3 deletions
diff --git a/‎src/fixtures/requests/application-json.js‎
Lines changed: 3 additions & 3 deletions b/‎src/fixtures/requests/application-json.js‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎src/fixtures/requests/headers.js‎
Lines changed: 4 additions & 0 deletions b/‎src/fixtures/requests/headers.js‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎src/helpers/escape.test.ts‎
Lines changed: 27 additions & 0 deletions b/‎src/helpers/escape.test.ts‎
Lines changed: 27 additions & 0 deletions
diff --git a/‎src/helpers/escape.ts‎
Lines changed: 91 additions & 0 deletions b/‎src/helpers/escape.ts‎
Lines changed: 91 additions & 0 deletions
diff --git a/‎src/integration.test.ts‎
Lines changed: 1 addition & 1 deletion b/‎src/integration.test.ts‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/targets/c/libcurl/client.ts‎
Lines changed: 2 additions & 1 deletion b/‎src/targets/c/libcurl/client.ts‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎src/targets/c/libcurl/fixtures/application-json.c‎
Lines changed: 1 addition & 1 deletion b/‎src/targets/c/libcurl/fixtures/application-json.c‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/targets/c/libcurl/fixtures/headers.c‎
Lines changed: 1 addition & 0 deletions b/‎src/targets/c/libcurl/fixtures/headers.c‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎src/targets/clojure/clj_http/fixtures/application-json.clj‎
Lines changed: 1 addition & 1 deletion b/‎src/targets/clojure/clj_http/fixtures/application-json.clj‎
Lines changed: 1 addition & 1 deletion
@@ -160,13 +160,15 @@ There are some major differences between this library and the [httpsnippet](http
 * Does not do any HAR schema validation. It's just assumed that the HAR you're supplying to the library is already valid.
 * The main `HTTPSnippet` export contains an `options` argument for an `harIsAlreadyEncoded` option for disabling [escaping](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/encodeURIComponent) of cookies and query strings in URLs.
   * We added this because all HARs that we interact with already have this data escaped and this option prevents them from being double encoded, thus corrupting the data.
+* Does not support the `insecureSkipVerify` option on `go:native`, `node:native`, `ruby:native`, and `shell:curl` as we don't want snippets generated for our users to bypass SSL certificate verification.
 * Node
   * `fetch`
-    * Body payloads are treated as an object literal and wrapped within `JSON.stringify()`. We do this to keep those targets looking nicer with those kinds of payloads. This also applies to the JS `fetch` target as wel.
+    * Body payloads are treated as an object literal and wrapped within `JSON.stringify()`. We do this to keep those targets looking nicer with those kinds of payloads. This also applies to the JS `fetch` target as well.
   * `request`
     * Does not provide query string parameters in a `params` argument due to complexities with query encoding.
-* PHP → `guzzle`
-  * Snippets have `require_once('vendor/autoload.php');` prefixed at the top.
+* PHP
+  * `guzzle`
+    * Snippets have `require_once('vendor/autoload.php');` prefixed at the top.
 * Python
   * `python3`
     * Does not ship this client due to its incompatibility with being able to support file uploads.
 
@@ -18,7 +18,7 @@ module.exports = {
           ],
           postData: {
             mimeType: 'application/json',
-            text: '{"number":1,"string":"f\\"oo","arr":[1,2,3],"nested":{"a":"b"},"arr_mix":[1,"a",{"arr_mix_nested":{}}],"boolean":false}',
+            text: '{"number":1,"string":"f\\"oo","arr":[1,2,3],"nested":{"a":"b"},"arr_mix":[1,"a",{"arr_mix_nested":[]}],"boolean":false}',
           },
         },
         response: {
@@ -36,7 +36,7 @@ module.exports = {
             mimeType: 'application/json',
             text: JSON.stringify({
               args: {},
-              data: '{\n  "number": 1,\n  "string": "f\\"oo",\n  "arr": [\n    1,\n    2,\n    3\n  ],\n  "nested": {\n    "a": "b"\n  },\n  "arr_mix": [\n    1,\n    "a",\n    {\n      "arr_mix_nested": {}\n    }\n  ],\n  "boolean": false\n}',
+              data: '{\n  "number": 1,\n  "string": "f\\"oo",\n  "arr": [\n    1,\n    2,\n    3\n  ],\n  "nested": {\n    "a": "b"\n  },\n  "arr_mix": [\n    1,\n    "a",\n    {\n      "arr_mix_nested": []\n    }\n  ],\n  "boolean": false\n}',
               files: {},
               form: {},
               headers: {
@@ -48,7 +48,7 @@ module.exports = {
                   1,
                   'a',
                   {
-                    arr_mix_nested: {},
+                    arr_mix_nested: [],
                   },
                 ],
                 boolean: false,
 
@@ -23,6 +23,10 @@ module.exports = {
               name: 'x-bar',
               value: 'Foo',
             },
+            {
+              name: 'quoted-value',
+              value: '"quoted" \'string\'',
+            },
           ],
         },
         response: {
 
@@ -0,0 +1,27 @@
+import { escapeString } from './escape';
+
+describe('Escape methods', () => {
+  describe('escapeString', () => {
+    it('does nothing to a safe string', () => {
+      expect(escapeString('hello world')).toBe('hello world');
+    });
+
+    it('escapes double quotes by default', () => {
+      expect(escapeString('"hello world"')).toBe('\\"hello world\\"');
+    });
+
+    it('escapes newlines by default', () => {
+      expect(escapeString('hello\r\nworld')).toBe('hello\\r\\nworld');
+    });
+
+    it('escapes backslashes', () => {
+      expect(escapeString('hello\\world')).toBe('hello\\\\world');
+    });
+
+    it('escapes unrepresentable characters', () => {
+      expect(
+        escapeString('hello \u0000') // 0 = ASCII 'null' character
+      ).toBe('hello \\u0000');
+    });
+  });
+});
@@ -0,0 +1,91 @@
+export interface EscapeOptions {
+  /**
+   * The delimiter that will be used to wrap the string (and so must be escaped
+   * when used within the string).
+   * Defaults to "
+   */
+  delimiter?: string;
+
+  /**
+   * The char to use to escape the delimiter and other special characters.
+   * Defaults to \
+   */
+  escapeChar?: string;
+
+  /**
+   * Whether newlines (\n and \r) should be escaped within the string.
+   * Defaults to true.
+   */
+  escapeNewlines?: boolean;
+}
+
+/**
+ * Escape characters within a value to make it safe to insert directly into a
+ * snippet. Takes options which define the escape requirements.
+ *
+ * This is closely based on the JSON-stringify string serialization algorithm,
+ * but generalized for other string delimiters (e.g. " or ') and different escape
+ * characters (e.g. Powershell uses `)
+ *
+ * See https://tc39.es/ecma262/multipage/structured-data.html#sec-quotejsonstring
+ * for the complete original algorithm.
+ */
+export function escapeString(rawValue: any, options: EscapeOptions = {}) {
+  const { delimiter = '"', escapeChar = '\\', escapeNewlines = true } = options;
+
+  const stringValue = rawValue.toString();
+
+  return [...stringValue]
+    .map(c => {
+      if (c === '\b') {
+        return `${escapeChar}b`;
+      } else if (c === '\t') {
+        return `${escapeChar}t`;
+      } else if (c === '\n') {
+        if (escapeNewlines) {
+          return `${escapeChar}n`;
+        }
+
+        return c; // Don't just continue, or this is caught by < \u0020
+      } else if (c === '\f') {
+        return `${escapeChar}f`;
+      } else if (c === '\r') {
+        if (escapeNewlines) {
+          return `${escapeChar}r`;
+        }
+
+        return c; // Don't just continue, or this is caught by < \u0020
+      } else if (c === escapeChar) {
+        return escapeChar + escapeChar;
+      } else if (c === delimiter) {
+        return escapeChar + delimiter;
+      } else if (c < '\u0020' || c > '\u007E') {
+        // Delegate the trickier non-ASCII cases to the normal algorithm. Some of these
+        // are escaped as \uXXXX, whilst others are represented literally. Since we're
+        // using this primarily for header values that are generally (though not 100%
+        // strictly?) ASCII-only, this should almost never happen.
+        return JSON.stringify(c).slice(1, -1);
+      }
+
+      return c;
+    })
+    .join('');
+}
+
+/**
+ * Make a string value safe to insert literally into a snippet within single quotes,
+ * by escaping problematic characters, including single quotes inside the string,
+ * backslashes, newlines, and other special characters.
+ *
+ * If value is not a string, it will be stringified with .toString() first.
+ */
+export const escapeForSingleQuotes = (value: any) => escapeString(value, { delimiter: "'" });
+
+/**
+ * Make a string value safe to insert literally into a snippet within double quotes,
+ * by escaping problematic characters, including double quotes inside the string,
+ * backslashes, newlines, and other special characters.
+ *
+ * If value is not a string, it will be stringified with .toString() first.
+ */
+export const escapeForDoubleQuotes = (value: any) => escapeString(value, { delimiter: '"' });
@@ -97,7 +97,7 @@ availableTargets()
   .filter(target => target.cli)
   .filter(testFilter('key', environmentFilter()))
   .forEach(({ key: targetId, cli: targetCLI, title, extname: fixtureExtension, clients }) => {
-    describe(`${title} integration tests`, () => {
+    (process.env.NODE_ENV === 'test' ? describe.skip : describe)(`${title} integration tests`, () => {
       clients.filter(testFilter('key', clientFilter(targetId))).forEach(({ key: clientId }) => {
         // If we're in an HTTPBin-powered Docker environment we only want to run tests for the
         // client that our Docker has been configured for.
 
@@ -1,6 +1,7 @@
 import type { Client } from '../../targets';
 
 import { CodeBuilder } from '../../../helpers/code-builder';
+import { escapeForDoubleQuotes } from '../../../helpers/escape';
 
 export const libcurl: Client = {
   info: {
@@ -26,7 +27,7 @@ export const libcurl: Client = {
       push('struct curl_slist *headers = NULL;');
 
       headers.forEach(header => {
-        push(`headers = curl_slist_append(headers, "${header}: ${headersObj[header]}");`);
+        push(`headers = curl_slist_append(headers, "${header}: ${escapeForDoubleQuotes(headersObj[header])}");`);
       });
 
       push('curl_easy_setopt(hnd, CURLOPT_HTTPHEADER, headers);');
 
@@ -7,6 +7,6 @@ struct curl_slist *headers = NULL;
 headers = curl_slist_append(headers, "content-type: application/json");
 curl_easy_setopt(hnd, CURLOPT_HTTPHEADER, headers);
 
-curl_easy_setopt(hnd, CURLOPT_POSTFIELDS, "{\"number\":1,\"string\":\"f\\\"oo\",\"arr\":[1,2,3],\"nested\":{\"a\":\"b\"},\"arr_mix\":[1,\"a\",{\"arr_mix_nested\":{}}],\"boolean\":false}");
+curl_easy_setopt(hnd, CURLOPT_POSTFIELDS, "{\"number\":1,\"string\":\"f\\\"oo\",\"arr\":[1,2,3],\"nested\":{\"a\":\"b\"},\"arr_mix\":[1,\"a\",{\"arr_mix_nested\":[]}],\"boolean\":false}");
 
 CURLcode ret = curl_easy_perform(hnd);
@@ -7,6 +7,7 @@ struct curl_slist *headers = NULL;
 headers = curl_slist_append(headers, "accept: application/json");
 headers = curl_slist_append(headers, "x-foo: Bar");
 headers = curl_slist_append(headers, "x-bar: Foo");
+headers = curl_slist_append(headers, "quoted-value: \"quoted\" 'string'");
 curl_easy_setopt(hnd, CURLOPT_HTTPHEADER, headers);
 
 CURLcode ret = curl_easy_perform(hnd);
@@ -5,5 +5,5 @@
                                                            :string "f\"oo"
                                                            :arr [1 2 3]
                                                            :nested {:a "b"}
-                                                           :arr_mix [1 "a" {:arr_mix_nested {}}]
+                                                           :arr_mix [1 "a" {:arr_mix_nested []}]
                                                            :boolean false}})