escape string for command line
Ksenia Marasanova
ksenia.marasanova at gmail.com
Sat Jan 8 16:26:01 EST 2005
> >
> > I was wondering, is there a general way to escape the string entered
> > by the user, to prevent code injection into command line?
>
> Take a look at the "string-escape" encoding:
>
> >>> evil = "'; rm -rf /;"
> >>> command = "echo '%s'"
> >>> print command % evil.encode('string-escape')
> echo '\'; rm -rf /;'
Cool, thanks! Next time I'll study stdlib better before asking the question :)
--
Ksenia
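
Added example, not part of the original thread: inside POSIX shell single quotes a backslash is an ordinary character, so the `\'` printed above still closes the quoted string, whereas `shlex.quote()` or an argument list with no shell keeps the input as one argument. `backslash_escape` is a Python 3 stand-in (an assumption) for the Python 2 `string-escape` codec, and `stays_one_argument` and `echo_without_shell` are hypothetical helper names.

```python
import shlex
import subprocess
import sys


def backslash_escape(value):
    # Python 3 stand-in (assumption) for the Python 2 'string-escape' codec,
    # limited to the two characters that matter here: backslash and quote.
    return value.replace("\\", "\\\\").replace("'", "\\'")


def stays_one_argument(command, value):
    """True if POSIX quoting rules parse `command` as exactly: echo <value>."""
    try:
        return shlex.split(command) == ["echo", value]
    except ValueError:
        # Unbalanced quotes: the user's own quote ended the quoted string.
        return False


def echo_without_shell(value):
    """Pass the value as its own argv entry; no shell ever parses it."""
    child = "import sys; sys.stdout.write(sys.argv[1])"
    result = subprocess.run([sys.executable, "-c", child, value],
                            capture_output=True, text=True, check=True)
    return result.stdout


# Sample input from the thread; it is never handed to a shell in this example.
evil = "'; rm -rf /;"

# The approach from the thread: backslash-escape, then wrap in single quotes.
escaped_cmd = "echo '%s'" % backslash_escape(evil)

# Shell-aware quoting from the standard library.
quoted_cmd = "echo %s" % shlex.quote(evil)

if __name__ == "__main__":
    print(escaped_cmd, "->", stays_one_argument(escaped_cmd, evil))
    print(quoted_cmd, "->", stays_one_argument(quoted_cmd, evil))
    print(repr(echo_without_shell(evil)))
```
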
More information about the Python-list mailing list