
Feature Request: Expose command escaper

Open mnpenner opened this issue 2 years ago • 2 comments

Expected Behavior

When running commands inside of commands (subshells) I want a way to recursively escape them. e.g.

const command = `php artisan -vvv routes:javascript ${filename} --path ${tmpDir} && cat ${fullPath}`
const output = (await $`kubectl --context docker-desktop exec deploy/kmb-app-deployment-development -cphp -- sh -c ${command}`.quiet()).stdout

command is nicely escaped which makes it easy to pass to sh -c, but ${filename} and ${tmpDir} are not. I would like to write that as

const command = $.escape`php artisan ...`

And it would give me back a fully escaped command but as a string, without executing it.

I believe I can do it like this now:

const fullPath = path.join(tmpDir, filename)
const command = `php artisan -vvv routes:javascript ${$.quote(filename)} --path ${$.quote(tmpDir)} && cat ${$.quote(fullPath)}`

But it's not as convenient as the auto-escaping that $ does.

Actual Behavior

Have to manually escape sub-commands.

Steps to Reproduce the Problem

Examples above.

Specifications

  • Version: 7.1.1
  • Platform: Ubuntu 20.04.2 LTS

mnpenner avatar Dec 03 '22 21:12 mnpenner

command is nicely escaped which makes it easy to pass to sh -c, but ${filename} and ${tmpDir} are not. I would like to write that as const command = $.escape(php artisan ...)

For clarity, this would be written as:

$.escape`php artisan...`

This is due to the way they are utilizing template strings to detect injected content. Regardless, I too would appreciate this.

aarondill avatar Dec 18 '22 08:12 aarondill

Whoops, yes, I don't know why I used parens. Will edit the initial comment

mnpenner avatar Dec 18 '22 19:12 mnpenner
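
An added example, not part of the thread and not zx code: a tagged template that returns the escaped command as a string instead of running it, as requested in the opening post and clarified in the first reply. shQuote and escapeCommand are hypothetical helpers; shQuote uses plain POSIX single-quote quoting, which is an assumption and is not claimed to match what $.quote emits. The sample values are constructed.

```javascript
// Hypothetical helpers for illustration; neither is a zx API.

// POSIX single-quote quoting: nothing is special inside '...', so the only
// character needing treatment is ' itself (close quote, \', reopen quote).
function shQuote(value) {
  const s = String(value)
  if (s === '') return "''"
  if (/^[A-Za-z0-9_\/.:=@%+-]+$/.test(s)) return s // safe as a bare word
  return "'" + s.replace(/'/g, "'\\''") + "'"
}

// Tagged template: the literal pieces are trusted command text, the
// interpolated values are data and get quoted. Arrays expand to several words.
function escapeCommand(pieces, ...values) {
  let out = pieces[0]
  values.forEach((v, i) => {
    out += Array.isArray(v) ? v.map(shQuote).join(' ') : shQuote(v)
    out += pieces[i + 1]
  })
  return out
}

// Constructed sample values containing shell metacharacters.
const filename = 'my routes;$(date).js'
const tmpDir = "/tmp/it's a dir"
const fullPath = `${tmpDir}/${filename}`

// Inner command: each value becomes exactly one word for the remote sh.
const inner = escapeCommand`php artisan -vvv routes:javascript ${filename} --path ${tmpDir} && cat ${fullPath}`

// Outer command: the whole inner string is a single argument to sh -c,
// so it is quoted a second time (this is the recursive step).
const outer = escapeCommand`kubectl --context docker-desktop exec deploy/kmb-app-deployment-development -cphp -- sh -c ${inner}`

console.log(inner)
console.log(outer)
```

Values that begin with a dash pass through unchanged, so a program can still read them as options; put `--` before untrusted arguments where the program supports it.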