| author | Stefan Kangas | 2023-09-17 17:03:59 +0200 |
|---|---|---|
| committer | Stefan Kangas | 2023-09-17 17:06:43 +0200 |
| commit | 94bef169e2e8af68514c649eca4b789e8a0f4dae (patch) | |
| tree | 7cd6c920416f3be57cc4bfaf99fce58264cc2f72 /lisp | |
| parent | b74d9e8bad9cfbd19ee4d7c56bff9349ca8fb07a (diff) | |
| download | emacs-94bef169e2e8af68514c649eca4b789e8a0f4dae.tar.gz emacs-94bef169e2e8af68514c649eca4b789e8a0f4dae.zip | |
Document shell-command-to-string security considerations
* lisp/simple.el (shell-command-to-string): Document security
considerations in docstring.
Diffstat (limited to 'lisp')
| -rw-r--r-- | lisp/simple.el | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/lisp/simple.el b/lisp/simple.el index a128ff41051..12d760a198f 100644 --- a/lisp/simple.el +++ b/lisp/simple.el | |||
| @@ -5060,7 +5060,15 @@ characters." | |||
| 5060 | exit-status)) | 5060 | exit-status)) |
| 5061 | 5061 | ||
| 5062 | (defun shell-command-to-string (command) | 5062 | (defun shell-command-to-string (command) |
| 5063 | "Execute shell command COMMAND and return its output as a string." | 5063 | "Execute shell command COMMAND and return its output as a string. |
| 5064 | Use `shell-quote-argument' to quote dangerous characters in | ||
| 5065 | COMMAND before passing it as an argument to this function. | ||
| 5066 | |||
| 5067 | Use this function only when a shell interpreter is needed. In | ||
| 5068 | other cases, consider alternatives such as `call-process' or | ||
| 5069 | `process-lines', which do not invoke the shell. Prefer built-in | ||
| 5070 | functions like `mv' to the external command \"mv\". For more | ||
| 5071 | information, see Info node ‘(elisp)Security Considerations’." | ||
| 5064 | (with-output-to-string | 5072 | (with-output-to-string |
| 5065 | (with-current-buffer standard-output | 5073 | (with-current-buffer standard-output |
| 5066 | (shell-command command t)))) | 5074 | (shell-command command t)))) |
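Review bot: the first added sentence of the docstring (new lines 5064-5065) tells the caller to quote "dangerous characters in COMMAND", which reads as if the whole command string should go through `shell-quote-argument'. Quoting the entire COMMAND would turn it into a single shell word. The wording should say that each untrusted argument is quoted individually before it is concatenated into COMMAND, with the command name and any intended shell syntax left unquoted. On new line 5070, "Prefer built-in functions like `mv'" marks up mv as a Lisp symbol, but the built-in that replaces the external "mv" is `rename-file', so the reference should name that function. A style point on new line 5071: the Info node reference uses curved quotes (‘...’) while the rest of the docstring uses the `...' convention, and the two should match.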