On Thu, Dec 24, 2020 at 1:34 AM Barry Scott <barry@barrys-emacs.org> wrote:
    if sys.playform == 'win32':
        sys.stdout.write('\x1b[2J' '\x1b[H')

No concern about CLS being a trojan becuse as a builtin to CMD and PowerShell
and it takes priority over cls.bat etc.

Because it's a shell builtin, you have to run the shell to use it. If it wasn't a shell builtin, you could run it directly. Either way you have to make sure you're running the right executable. I suppose finding the right shell is easier since you can use COMSPEC, but if you don't trust the path then I'm not sure you should trust COMSPEC.

As Eryk Sun said, cls erases the scrollback, while your non-win32 code doesn't. The popular cmd.exe replacement TCC/LE seems to have different default behavior for cls, erasing only the visible text by default. You can add /c to match cmd.exe's behavior, but cls/c is an error in cmd.exe. TCC also has cls/s which moves the visible text into the scrollback, which might be the best behavior for Python, but if we want that we'll have to do it in-process since we can't rely on TCC being present.

Spawning processes that run for 1ms and do a trivial thing is common in the Unix world but it's not idiomatic in Windows. It feels like a CVE in the making. (Even on Unix, to be honest.)