From: | Max Nikulin |
Subject: | Re: [PATCH] ob-clojure.el: Add support for babashka and nbb backend |
Date: | Sun, 14 Nov 2021 23:25:05 +0700 |
User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.13.0 |
On 14/11/2021 22:28, Daniel Kraus wrote:
* lisp/ob-clojure.el: Add support for babashka and nbb backend. --- +(defun ob-clojure-escape-quotes (str-val) + "Escape quotes for STR-VAL." + (replace-regexp-in-string "\"" "\\\"" str-val 'FIXEDCASE 'LITERAL)) + +(defun ob-clojure-eval-with-babashka (bb expanded) + "Evaluate EXPANDED code block using BB (babashka or nbb)." + (let ((escaped (ob-clojure-escape-quotes expanded))) + (shell-command-to-string + (concat bb " -e \"" escaped "\""))))
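Review bot: In ob-clojure-eval-with-babashka the code block is spliced into a double-quoted shell word after escaping only the double quote character, so backticks, `$` and backslashes inside EXPANDED are still interpreted by the shell that shell-command-to-string starts. Drop ob-clojure-escape-quotes and build the command with shell-quote-argument applied to both BB and the code, or bypass the shell entirely by handing the code to call-process or process-file as a separate argument.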
Is it not an open door for security vulnerabilities? Consider a string somewhere in the code: "`echo arbitrary code execution`". Only outer quotes are escaped.
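The concern raised in this reply, as an added shell example that is not part of the original message or of the patch: it builds a command line the way the patch does and compares what the shell hands to the interpreter under quote-only escaping and under full single-quote quoting. Assumptions: `printf '%s\n'` stands in for `bb -e` so the script runs without babashka, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: how a shell parses a command line built the way the patch builds it.
# Assumption: printf '%s\n' stands in for "bb -e" so the script runs without babashka.

# Same transformation as ob-clojure-escape-quotes: only " gets a backslash.
escape_quotes_only() {
    printf '%s' "$1" | sed 's/"/\\"/g'
}

# POSIX single-quote quoting: the shell interprets nothing inside '...';
# an embedded ' is written as '\''.
quote_for_shell() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Command string assembled like the patch: <cmd> "<escaped code>".
run_like_patch() {
    sh -c "printf '%s\n' \"$(escape_quotes_only "$1")\""
}

# Same command string, but the code is fully quoted before concatenation.
run_quoted() {
    sh -c "printf '%s\n' $(quote_for_shell "$1")"
}

# Constructed sample: Clojure source containing the string from the reply above.
sample='(println "`echo arbitrary code execution`")'

if [ "$(run_like_patch "$sample")" != "$sample" ]; then
    echo "quote-only escaping: the shell rewrote the code before the interpreter saw it"
fi
if [ "$(run_quoted "$sample")" = "$sample" ]; then
    echo "full quoting: the interpreter receives the code unchanged"
fi
```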