quickjs icon indicating copy to clipboard operation
quickjs copied to clipboard
Published 3 weeks ago verified publisher icon bellard

Fix shell injection bug in `std.urlGet`

Open fstirlitz opened this issue 4 years ago • 0 comments

This corrects the basically non-functional escaping scheme. An -- argument is added to prevent misinterpreting an initial - as an option character. Curly and square brackets (and backslashes) are additionally escaped to avoid triggering curl’s request batching syntax.

(Sorry for not using the mailing list, I am not currently able to.)

fstirlitz avatar Apr 06 '21 15:04 fstirlitz