Skip to content

docs: highlight double quoting issue #1164

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
antongolub merged 1 commit into from
Mar 29, 2025
Merged

docs: highlight double quoting issue #1164

antongolub merged 1 commit into from
Mar 29, 2025

Conversation

@antongolub
Copy link
Collaborator

@antongolub antongolub commented Mar 29, 2025
edited
Loading

  • Tests pass
  • Appropriate changes to README are included in PR

@antongolub antongolub requested a review from Copilot March 29, 2025 15:15
Copilot AI reviewed Mar 29, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR addresses a quoting issue by adding a test case to simulate broken quoting and updating documentation to warn users about potential unsafe injection due to double quoting.

  • Added a test case ("broken quoting") in test/core.test.js to capture unexpected output with mixed quoting.
  • Updated docs/quotes.md with a warning block that highlights the risk of unsafe injection when using additional quotes.

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File Description
test/core.test.js Introduces a test case demonstrating issues with broken quoting.
docs/quotes.md Enhances documentation with a warning about unsafe injection.
Comments suppressed due to low confidence (2)

test/core.test.js:105

  • [nitpick] Consider renaming the test to more explicitly describe the expected failure scenario or behavior for clarity.
test('broken quoting', async () => {

test/core.test.js:107

  • Using mixed shell quoting syntax here may lead to unexpected behavior in environments with different shell quoting rules. Consider confirming that the intended behavior is reliable across systems or adjusting the quoting method for clarity.
const p = $`echo --foo=$'${args}'`

@antongolub antongolub requested a review from antonmedv March 29, 2025 15:17
@antongolub antongolub merged commit 939cdfa into google:main Mar 29, 2025
26 checks passed
@antongolub antongolub deleted the docs-quote-warn branch March 29, 2025 15:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@antonmedv antonmedv Awaiting requested review from antonmedv

Assignees

No one assigned

Labels

docs

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@antongolub