[cwillu]

The OpenSSH fix isn't a fix though, it depends on ssh knowing what badness needs to be filtered out, but the shell is set by the user.

It needs to be changed to pass data in a way that doesn't require escaping to reference, such as an environment variable: "$HOST" would then be expanded by the shell, and all the usual rules for safely using environment variables would apply, because ssh wouldn't be the thing performing the variable expansion like it is now.

(For most purposes, my original take in the top level was wrong, but it's too late to edit it now)