escape string for command line
ksenia.marasanova at gmail.com
Sat Jan 8 22:26:01 CET 2005
> > I was wondering, is there a general way to escape the string entered
> > by the user, to prevent code injection into command line?
> Take a look at the "string-escape" encoding:
> >>> evil = "'; rm -rf /;"
> >>> command = "echo '%s'"
> >>> print command % evil.encode('string-escape')
> echo '\'; rm -rf /;'
Cool, thanks! Next time I'll study stdlib better before asking the question :)
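
Added example, not part of the original thread: in a POSIX shell a backslash is literal inside single quotes, so this checks what `/bin/sh` does with backslash-escaped input compared with `shlex.quote` and with an argument list that bypasses the shell. `backslash_escape` is a hypothetical Python 3 stand-in for the quote and backslash handling of Python 2's "string-escape" codec, and the sample input is constructed and only prints a marker.

```python
import shlex
import subprocess

# Constructed, harmless input: if it escapes the quoting, the shell
# only prints the marker word INJECTED.
SAMPLE = "'; echo INJECTED #"


def backslash_escape(value):
    """Hypothetical stand-in for Python 2's 'string-escape' codec,
    limited to backslashes and single quotes (assumption)."""
    return value.replace("\\", "\\\\").replace("'", "\\'")


def run_sh(command_line):
    """Run a command line through /bin/sh and return its stdout."""
    result = subprocess.run(["/bin/sh", "-c", command_line],
                            capture_output=True, text=True)
    return result.stdout


def echo_backslash(user_input):
    # Builds: echo '\'; echo INJECTED #'
    # sh ends the quoted string at the second quote, so the rest of the
    # input is parsed as a separate command.
    return run_sh("echo '%s'" % backslash_escape(user_input))


def echo_quoted(user_input):
    # shlex.quote closes the quote, emits the quote character inside
    # double quotes, and reopens: the input stays one argument.
    return run_sh("echo %s" % shlex.quote(user_input))


def echo_no_shell(user_input):
    # No shell parses the string at all; the input is a single argv entry.
    result = subprocess.run(["echo", user_input],
                            capture_output=True, text=True)
    return result.stdout


if __name__ == "__main__":
    print("backslash-escaped:", echo_backslash(SAMPLE).splitlines())
    print("shlex.quote:      ", echo_quoted(SAMPLE).splitlines())
    print("argument list:    ", echo_no_shell(SAMPLE).splitlines())
```
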