Hacker News
by blorgle 1643 days ago
You shouldn't pass unescaped/untrusted input into a subshell, but your suggestion doesn't solve for every case. It protects against ";" but not path traversal with "../../../../../foo/bar".
yjftsjthsd-h 1643 days ago
You'd have to cover that if you wrote your own library function, though; it's attack surface, but not uniquely so.
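The distinction drawn in the two comments above, as an added example that is not part of either comment: shell quoting neutralises ";" but returns the traversal string unchanged, so the path check has to happen separately, whether the file is handed to a subprocess or to a library function. It assumes the suggestion under discussion was shell escaping; `resolve_inside` and `show_file` are hypothetical names, and the inputs are constructed.

```python
import os
import shlex
import subprocess
import tempfile

def resolve_inside(base_dir, user_path):
    """Return the real path for user_path, or raise if it leaves base_dir."""
    base = os.path.realpath(base_dir)
    # realpath collapses "..", absolute overrides and symlinks before the check.
    target = os.path.realpath(os.path.join(base, user_path))
    if os.path.commonpath([base, target]) != base:
        raise ValueError(f"path escapes {base}: {user_path!r}")
    return target

def show_file(base_dir, user_path):
    """Validate the path, then run cat with an argument list (no shell)."""
    target = resolve_inside(base_dir, user_path)
    # target is absolute here; "--" is kept so a name is never parsed as an option.
    result = subprocess.run(["cat", "--", target],
                            capture_output=True, text=True, check=True)
    return result.stdout

if __name__ == "__main__":
    # Constructed inputs: a metacharacter case and the traversal string from the thread.
    for s in ("report.txt; id", "../../../../../foo/bar"):
        print(f"{s!r:28} -> shlex.quote -> {shlex.quote(s)}")
    with tempfile.TemporaryDirectory() as base:
        with open(os.path.join(base, "report.txt"), "w") as f:
            f.write("ok\n")
        print(show_file(base, "report.txt"), end="")
        try:
            show_file(base, "../../../../../foo/bar")
        except ValueError as exc:
            print("rejected:", exc)
```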