25 Aug
2015
25 Aug
'15
11:54 a.m.
On 08/25/2015 11:40 AM, Nikolaus Rath wrote:
So any function that doesn't special-case estr will "bypass" the escaping and pass it do it's version of the do_something() function without quoting.
Yes, system(command % dangerous) was dangerous and will still be. Confining input to e-strings is probably not practical. That's a good point. -Mike