From 94bef169e2e8af68514c649eca4b789e8a0f4dae Mon Sep 17 00:00:00 2001
From: Stefan Kangas
Date: Sun, 17 Sep 2023 17:03:59 +0200
Subject: [PATCH] Document shell-command-to-string security considerations

* lisp/simple.el (shell-command-to-string): Document security considerations in docstring.
---
 lisp/simple.el | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/lisp/simple.el b/lisp/simple.el
index a128ff41051..12d760a198f 100644
--- a/lisp/simple.el
+++ b/lisp/simple.el
@@ -5060,7 +5060,15 @@ characters."
 exit-status))
 
 (defun shell-command-to-string (command)
- "Execute shell command COMMAND and return its output as a string."
+ "Execute shell command COMMAND and return its output as a string.
+Use `shell-quote-argument' to quote dangerous characters in
+COMMAND before passing it as an argument to this function.
+
+Use this function only when a shell interpreter is needed. In
+other cases, consider alternatives such as `call-process' or
+`process-lines', which do not invoke the shell. Prefer built-in
+functions like `mv' to the external command \"mv\". For more
+information, see Info node ‘(elisp)Security Considerations’."
 (with-output-to-string
 (with-current-buffer standard-output
 (shell-command command t))))
-- 
2.39.5
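Review bot: The added docstring line "Prefer built-in functions like `mv' to the external command \"mv\"" quotes `mv' as a Lisp symbol, but there is no Emacs Lisp function by that name, so the cross-reference points at nothing; the built-in counterpart of the external "mv" is `rename-file', i.e. `Prefer built-in functions like \`rename-file' to the external command \"mv\".` The first paragraph is also easy to misread: `shell-quote-argument' quotes one argument, and applying it to the whole of COMMAND would turn the entire command line into a single literal word, so the advice should say that each untrusted value is quoted before it is spliced into COMMAND, e.g. `Use \`shell-quote-argument' to quote each untrusted argument before splicing it into COMMAND.` The whole definition of shell-command-to-string is within the hunk.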