From 7bcde68b9fd4c8e080399cca18943c4afe79a987 Mon Sep 17 00:00:00 2001
From: JFronny
Date: Sat, 20 Apr 2024 14:30:39 +0200
Subject: [PATCH] fix(serialize-json): prevent json injection via malicious comments
---
 .../io/gitlab/jfronny/commons/serialize/json/JsonWriter.java | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/commons-serialize-json/src/main/java/io/gitlab/jfronny/commons/serialize/json/JsonWriter.java b/commons-serialize-json/src/main/java/io/gitlab/jfronny/commons/serialize/json/JsonWriter.java
index d5443c1..db44b56 100644
--- a/commons-serialize-json/src/main/java/io/gitlab/jfronny/commons/serialize/json/JsonWriter.java
+++ b/commons-serialize-json/src/main/java/io/gitlab/jfronny/commons/serialize/json/JsonWriter.java
@@ -182,7 +182,10 @@ public class JsonWriter extends SerializeWriter impleme
 private void writeDeferredComment() throws IOException {
 if (!deferredComments.isEmpty()) {
 if (newline.isEmpty()) {
- out.append("/* ").append(String.join(" / ", deferredComments)).append(" */");
+ out.append("/* ") .append(String.join(" / ", deferredComments) .replace("*/", "#/")) .append(" */");
 } else {
 boolean first = true;
 for (String s : deferredComments) {
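Review bot: The new `.replace("*/", "#/")` only protects the block-comment branch; the `else` branch below, whose loop body runs past the end of this hunk, is taken when `newline` is non-empty and appears to emit one comment per line, where a deferred comment containing `\r` or `\n` would terminate a `//` comment and inject JSON in exactly the same way — if so, each `s` should have line terminators replaced as well, e.g. `s.replaceAll("[\\r\\n]+", " ")`, and the sanitizing belongs in one helper rather than per branch. A single `String.replace` is enough here, since `**/` becomes `*#/` and the closing `" */"` is appended separately, but the substitution silently alters caller-supplied text and deserves a why-comment such as `// "*/" inside a comment would close it early and let the rest be parsed as JSON`. writeDeferredComment's body continues outside the hunk.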