Skip to content
Browse files

Ensure that commands and args are properly quoted if they contain spa…

…ces or reserved shell characters (on Windows). states that "all reserved shell characters not in double quotes must be escaped." It also states that "any argument that contains spaces...must be enclosed in double quotes" Furthermore, "if a double-quoted argument itself contains a double quote character, the double quote must be doubled."
  • Loading branch information...
1 parent 232ccd1 commit e88067ac9196bf43365e7d4aa7f0950312492bd1 @cablegram cablegram committed
Showing with 4 additions and 1 deletion.
  1. +4 −1 lib/execjs/external_runtime.rb
5 lib/execjs/external_runtime.rb
@@ -183,7 +183,10 @@ def sh(command)
def shell_escape(*args)
# see
- { |arg| arg.gsub(/([&|()<>^ "])/,'^\1') }.join(" ")
+ { |arg|
+ arg = %Q("#{arg.gsub('"','""')}") if arg.match(/[&|()<>^ "]/)
+ arg
+ }.join(" ")
def shell_escape(*args)

0 comments on commit e88067a

Please sign in to comment.
Something went wrong with that request. Please try again.