emacs-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] Add shell-quasiquote.

From: Eli Zaretskii
Subject: Re: [PATCH] Add shell-quasiquote.
Date: Sat, 17 Oct 2015 20:28:05 +0300 
> From: address@hidden (Taylan Ulrich Bayırlı/Kammer)
> Cc: address@hidden
> Date: Sat, 17 Oct 2015 19:14:16 +0200
> 
> Eli Zaretskii <address@hidden> writes:
> 
> >> +;;; Like `shell-quote-argument', but much simpler in implementation.
> >> +(defun shqq--quote-string (string)
> >> +  (concat "'" (replace-regexp-in-string "'" "'\\\\''" string) "'"))
> >
> > It might be simpler, but it's wrong, because the result is only
> > correct for Posix shells.
> >
> > Please do use shell-quote-argument instead.
> 
> Hmm, I don't really want to take responsibility of my library being used
> with shells other than POSIX shells.  (The library could make that
> clearer and error on other systems.)

I don't think we'd like to have packages limited in that way.  AFAIK,
we didn't until now, at least not consciously.

And it really isn't a big deal.  Emacs already has all the
infrastructure for portable handling of shell commands.

> How much can I rely on shell-quote-argument?

You can rely on it.  Emacs uses it in umpteen important places.

> Can one fully rely on it being safe against code injection?

I don't think I understand what code injection you had in mind.
Please elaborate.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]