Sanitize CLI output against Unicode bidi control characters

Escape Unicode bidirectional override/embedding/isolate characters
(U+200E–U+2069) as \uXXXX in CLI JSON output to prevent them from
silently reordering displayed text in terminal emulators. serde_json
already handles ASCII control characters (U+0000–U+001F), but bidi
characters pass through unescaped.

The sanitization is done in the CLI display layer, not the server,
so the server returns raw data faithfully.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: benthecarman

e2e-tests/tests/e2e.rs

@@ -210,6 +210,36 @@ async fn test_cli_decode_invoice() {
 		run_cli(&server, &["decode-invoice", output_var["invoice"].as_str().unwrap()]);
 	assert!(decoded_var.get("amount_msat").is_none() || decoded_var["amount_msat"].is_null());
 	assert_eq!(decoded_var["description"], "no amount");
+
+	// Test that ANSI escape sequences cannot reach the terminal via CLI output.
+	// serde_json escapes control chars (U+0000–U+001F) as \uXXXX in JSON.
+	let desc_with_ansi = "pay me\x1b[31m RED \x1b[0m";
+	let output_ansi = run_cli(&server, &["bolt11-receive", "-d", desc_with_ansi]);
+	let raw_decoded = run_cli_raw(
+		&server,
+		&["decode-invoice", output_ansi["invoice"].as_str().unwrap()],
+	);
+	assert!(
+		!raw_decoded.contains('\x1b'),
+		"Raw CLI output must not contain ANSI escape bytes"
+	);
+
+	// Test that Unicode bidi override characters in the description are escaped
+	// (sanitize_for_terminal replaces them with \uXXXX in CLI output)
+	let desc_with_bidi = "pay me\u{202E}evil";
+	let output_bidi = run_cli(&server, &["bolt11-receive", "-d", desc_with_bidi]);
+	let raw_bidi = run_cli_raw(
+		&server,
+		&["decode-invoice", output_bidi["invoice"].as_str().unwrap()],
+	);
+	assert!(
+		!raw_bidi.contains('\u{202E}'),
+		"Raw CLI output must not contain bidi override characters"
+	);
+	assert!(
+		raw_bidi.contains("\\u202E"),
+		"Bidi characters should be escaped as \\uXXXX in output"
+	);
 }
 
 #[tokio::test]
@@ -273,6 +303,34 @@ async fn test_cli_decode_offer() {
 	let decoded_fixed =
 		run_cli(&server_a, &["decode-offer", output_fixed["offer"].as_str().unwrap()]);
 	assert_eq!(decoded_fixed["amount"]["amount"]["bitcoin_amount_msats"], 50_000_000);
+
+	// Test that ANSI escape sequences cannot reach the terminal via CLI output.
+	let desc_with_ansi = "offer\x1b[31m RED \x1b[0m";
+	let output_ansi = run_cli(&server_a, &["bolt12-receive", desc_with_ansi]);
+	let raw_decoded = run_cli_raw(
+		&server_a,
+		&["decode-offer", output_ansi["offer"].as_str().unwrap()],
+	);
+	assert!(
+		!raw_decoded.contains('\x1b'),
+		"Raw CLI output must not contain ANSI escape bytes"
+	);
+
+	// Test that Unicode bidi override characters in the description are escaped
+	let desc_with_bidi = "offer\u{202E}evil";
+	let output_bidi = run_cli(&server_a, &["bolt12-receive", desc_with_bidi]);
+	let raw_bidi = run_cli_raw(
+		&server_a,
+		&["decode-offer", output_bidi["offer"].as_str().unwrap()],
+	);
+	assert!(
+		!raw_bidi.contains('\u{202E}'),
+		"Raw CLI output must not contain bidi override characters"
+	);
+	assert!(
+		raw_bidi.contains("\\u202E"),
+		"Bidi characters should be escaped as \\uXXXX in output"
+	);
 }
 
 #[tokio::test]

ldk-server-cli/src/main.rs

@@ -7,6 +7,7 @@
 // You may not use this file except in accordance with one or both of these
 // licenses.
 
+use std::fmt::Write;
 use std::path::PathBuf;
 
 use clap::{CommandFactory, Parser, Subcommand};
@@ -1165,6 +1166,42 @@ where
 	}
 }
 
+/// Escapes Unicode bidirectional control characters as `\uXXXX` so they are visible
+/// in terminal output rather than silently reordering displayed text.
+/// serde_json already escapes ASCII control characters (U+0000–U+001F), but bidi
+/// overrides (U+200E–U+2069) pass through unescaped.
+fn sanitize_for_terminal(s: &str) -> String {
+	fn is_bidi_control(c: char) -> bool {
+		matches!(
+			c,
+			'\u{200E}' // LEFT-TO-RIGHT MARK
+			| '\u{200F}' // RIGHT-TO-LEFT MARK
+			| '\u{202A}' // LEFT-TO-RIGHT EMBEDDING
+			| '\u{202B}' // RIGHT-TO-LEFT EMBEDDING
+			| '\u{202C}' // POP DIRECTIONAL FORMATTING
+			| '\u{202D}' // LEFT-TO-RIGHT OVERRIDE
+			| '\u{202E}' // RIGHT-TO-LEFT OVERRIDE
+			| '\u{2066}' // LEFT-TO-RIGHT ISOLATE
+			| '\u{2067}' // RIGHT-TO-LEFT ISOLATE
+			| '\u{2068}' // FIRST STRONG ISOLATE
+			| '\u{2069}' // POP DIRECTIONAL ISOLATE
+		)
+	}
+	if s.chars().any(is_bidi_control) {
+		let mut out = String::with_capacity(s.len());
+		for c in s.chars() {
+			if is_bidi_control(c) {
+				write!(out, "\\u{:04X}", c as u32).unwrap();
+			} else {
+				out.push(c);
+			}
+		}
+		out
+	} else {
+		s.to_string()
+	}
+}
+
 fn handle_response_result<Rs, Js>(response: Result<Rs, LdkServerError>)
 where
 	Rs: Into<Js>,
@@ -1174,7 +1211,7 @@ where
 		Ok(response) => {
 			let json_response: Js = response.into();
 			match serde_json::to_string_pretty(&json_response) {
-				Ok(json) => println!("{json}"),
+				Ok(json) => println!("{}", sanitize_for_terminal(&json)),
 				Err(e) => {
 					eprintln!("Error serializing response ({json_response:?}) to JSON: {e}");
 					std::process::exit(1);