Failure to properly prevent shell injection

I need to run some shell commands from a Lua interpreter embedded in another Mac / Windows application, where shell commands are the only way to achieve certain things, for example opening a help page in a browser. If I have a list of arguments (which may be the result of user input), how can I escape each argument to prevent problems?

Inspired by this article, a simple solution is to escape all non-alphanumeric characters, on Unix-like systems with \, on Windows with ^. As far as I can tell, this will prevent any argument from triggering

  • execution of another command by inserting a newline, ; (Unix) or & (Windows)
  • command substitution on Unix with $ or `
  • variable expansion on Windows with %
  • redirection with <, | and >

In addition, any character that acts as an escape character on the respective platform will itself be escaped properly.

This seems sound to me, but are there any pitfalls that I may have missed? I know that in bash, \ followed by a newline effectively deletes the newline, which is not a problem here.



, . Python, , os.system() , subprocess . , subprocess.run() , , .

subprocess Lua, lua-subprocess, , , , , .

, Python shlex.quote() () - :

def quote(s):
    # empty string must still become a (quoted) argument
    if not s:
        return "''"
    # use single quotes, and put single quotes into double quotes
    # the string $'b is then quoted as '$'"'"'b'
    return "'" + s.replace("'", "'\"'\"'") + "'"

Lua.
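The two escaping strategies discussed on this page, the question's "backslash every non-alphanumeric character" and the answer's shlex.quote-style single quoting, side by side as an added example (not code from the original post or from lua-subprocess). It also runs each quoted word through /bin/sh with printf to confirm that what the program receives is byte-for-byte the original argument, which is the check worth keeping in a test suite. Function names, the sample arguments and the use of `sh -c` / `printf` for the round trip are this example's own assumptions; only the POSIX side is covered, because in cmd.exe a caret does not escape %, which is expanded before caret processing.

```python
import re
import subprocess

# Characters that need no quoting in a POSIX shell word (same set shlex.quote treats as safe).
_UNSAFE = re.compile(r"[^\w@%+=:,./-]", re.ASCII)


def escape_backslash(arg: str) -> str:
    """Question's approach: put a backslash before every non-alphanumeric character.

    A backslash directly before a newline makes the shell *delete* the newline,
    so that one character is wrapped in single quotes instead (edge case from the question).
    """
    out = []
    for ch in arg:
        if ch.isascii() and ch.isalnum():
            out.append(ch)
        elif ch == "\n":
            out.append("'\n'")
        else:
            out.append("\\" + ch)
    return "".join(out)


def quote_single(arg: str) -> str:
    """Answer's approach (what shlex.quote does): single-quote the word, and splice
    each embedded single quote in as '"'"' (close quote, double-quoted quote, reopen)."""
    if not arg:
        return "''"
    if _UNSAFE.search(arg) is None:
        return arg
    return "'" + arg.replace("'", "'\"'\"'") + "'"


def build_command(argv, quoter=quote_single) -> str:
    """Join a list of arguments into one shell command line, quoting each argument."""
    return " ".join(quoter(a) for a in argv)


def roundtrip(arg: str, quoter=quote_single) -> str:
    """Run one quoted word through /bin/sh and return the argument printf received.

    If quoting is correct the result equals `arg` exactly: no substitution,
    no word splitting, no second command.
    """
    cmd = "printf '%s' " + quoter(arg)
    proc = subprocess.run(["sh", "-c", cmd], capture_output=True, text=True, check=True)
    return proc.stdout


if __name__ == "__main__":
    # constructed sample: a help URL plus a hostile argument an attacker might supply
    url = "https://example.invalid/help?topic=export&lang=en"
    hostile = "$(id); echo injected"
    for q in (escape_backslash, quote_single):
        print(q.__name__, "->", build_command(["open", url, hostile], quoter=q))
        assert roundtrip(hostile, q) == hostile
```

Both quoters pass the round trip; the single-quote form is shorter and easier to read in logs, while the backslash form has no special case other than the newline. Whichever one is ported to Lua, keep the round-trip check next to it: it catches the exact failure the question is asking about.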


Source: https://habr.com/ru/post/1625109/


All Articles