From: Stefan Kangas Date: Sun, 17 Sep 2023 15:03:59 +0000 (+0200) Subject: Document shell-command-to-string security considerations X-Git-Tag: emacs-29.1.90~72 X-Git-Url: http://git.eshelyaron.com/gitweb/?a=commitdiff_plain;h=94bef169e2e8af68514c649eca4b789e8a0f4dae;p=emacs.git Document shell-command-to-string security considerations * lisp/simple.el (shell-command-to-string): Document security considerations in docstring. --- diff --git a/lisp/simple.el b/lisp/simple.el index a128ff41051..12d760a198f 100644 --- a/lisp/simple.el +++ b/lisp/simple.el @@ -5060,7 +5060,15 @@ characters." exit-status)) (defun shell-command-to-string (command) - "Execute shell command COMMAND and return its output as a string." + "Execute shell command COMMAND and return its output as a string. +Use `shell-quote-argument' to quote dangerous characters in +COMMAND before passing it as an argument to this function. + +Use this function only when a shell interpreter is needed. In +other cases, consider alternatives such as `call-process' or +`process-lines', which do not invoke the shell. Prefer built-in +functions like `mv' to the external command \"mv\". For more +information, see Info node ‘(elisp)Security Considerations’." (with-output-to-string (with-current-buffer standard-output (shell-command command t))))
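Review bot: the sentence "Prefer built-in functions like `mv' to the external command \"mv\"." in the added docstring names a function that does not exist in Emacs Lisp; the built-in counterpart of the mv command is `rename-file', so it should read "Prefer built-in functions like `rename-file' to the external command \"mv\"." Two smaller points in the same hunk: "Use `shell-quote-argument' to quote dangerous characters in COMMAND" reads as if the whole COMMAND string should be passed through `shell-quote-argument', but that function quotes a single argument (quoting the entire command would stop the shell from interpreting it at all), so the wording should say that each argument embedded in COMMAND must be quoted with `shell-quote-argument' before concatenation. And the Info reference is written with literal curved quotes, ‘(elisp)Security Considerations’, while every other reference in the docstring uses the `...' docstring convention; `(elisp)Security Considerations' keeps the docstring consistent, since help buffers already render that ASCII form as curved quotes.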