fix: 修正编译器 hat param 未 sanitize 导致的任意执行漏洞

Signed-off-by: FurryR <[email protected]>

src/compiler/jsgen.js

@@ -446,7 +446,7 @@ class JSGenerator {
             return new TypedInput(`${JSON.stringify(node.value)}`, TYPE_UNKNOWN);
 
         case 'args.ccw_hat_parameter':
-            return new TypedInput(`(thread.hatParam ? thread.hatParam['${node.index}']: null)`, TYPE_UNKNOWN);
+            return new TypedInput(`(thread.hatParam ? thread.hatParam["${sanitize(node.index)}"]: null)`, TYPE_UNKNOWN);
 
         case 'addons.call':
             return new TypedInput(`(${this.descendAddonCall(node)})`, TYPE_UNKNOWN);