|
From: | Paul Eggert |
Subject: | Re: [PATCH] Add shell-quasiquote. |
Date: | Sat, 17 Oct 2015 19:40:21 -0700 |
User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0 |
Taylan Ulrich Bayırlı/Kammer wrote:
Please tell me which shells shell-quote-argument is guaranteed to work safely on
Nobody can tell you that. What we can tell you is that shell-quote-argument works on a superset of uses that shqq--quote-string works on. The trust-based arguments against using shell-quote-argument all apply, with greater force, against using shqq--quote-string. For example, shqq--quote-string is more vulnerable to code-injection attacks than shell-quote-argument is.
I am not a fan of non-POSIX shells. They are a hassle to deal with and can cause significant problems in Emacs maintenance. In areas where they are a significant problem, we don't need to support them. But this particular instance is not a significant problem. Emacs already has a portable, tested, easy-to-use function to quote shell arguments, and there's good reason to use it here.
[Prev in Thread] | Current Thread | [Next in Thread] |