This repository has been archived by the owner. It is now read-only.
Browse files

Ensure that commands and args are properly quoted if they contain spa…

…ces or reserved shell characters (on Windows). states that "all reserved shell characters not in double quotes must be escaped." It also states that "any argument that contains spaces...must be enclosed in double quotes" Furthermore, "if a double-quoted argument itself contains a double quote character, the double quote must be doubled."
  • Loading branch information...
cablegram committed Sep 22, 2011
1 parent 232ccd1 commit e88067ac9196bf43365e7d4aa7f0950312492bd1
Showing with 4 additions and 1 deletion.
  1. +4 −1 lib/execjs/external_runtime.rb
@@ -183,7 +183,10 @@ def sh(command)
def shell_escape(*args)
# see
- { |arg| arg.gsub(/([&|()<>^ "])/,'^\1') }.join(" ")
+ { |arg|
+ arg = %Q("#{arg.gsub('"','""')}") if arg.match(/[&|()<>^ "]/)
+ arg
+ }.join(" ")
def shell_escape(*args)

0 comments on commit e88067a

Please sign in to comment.