Quintus / Automations

Automations is a Ruby 1.9 project consisting of libraries to fake and simulate (automate) user input like pressing keys or moving windows. Linux X server systems can be automated by using xdotool internally, Windows systems by using AutoItX3.

XDo::Keyboard.type does not work with single quotes #11

Closed nhinds closed 6 years ago

nhinds commented 8 years ago

I know this library is old, but in case other people attempt to use it:

XDo::Keyboard.type passes its parameter directly into a single-quoted string, so attempting to include single quotes in the message results in either an error, missing quotation marks, or arbitrary shell execution.

XDo::Keyboard.type "Hello, 'world'"
Hello, world

XDo::Keyboard.type "Hello, 'world"
sh: 1: Syntax error: Unterminated quoted string

XDo::Keyboard.type "Hello, '; rm -fr /some/important/files #"
Hello, 
and now your files have been deleted

Quintus commented 6 years ago

I don't work on this project anymore.
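
The three cases from the report, reproduced next to two ways of avoiding them. This is an added example, not code from the Automations library: `printf %s` stands in for `xdotool type` so it runs without an X server, all function names are hypothetical, and the third sample uses a harmless `echo` marker in place of a destructive command.

```ruby
require "open3"
require "shellwords"

# Stand-in for `xdotool type`: printf echoes its argument back, so the example
# runs without an X server. (Assumption: the library's real command line differs.)
TOOL = %w[printf %s].freeze

# Pattern described in the issue: text pasted between single quotes, then run by sh.
def unsafe_command(text)
  "#{TOOL.join(' ')} '#{text}'"
end

# Fix 1: still a shell string, but every shell metacharacter is escaped.
def escaped_command(text)
  "#{TOOL.join(' ')} #{Shellwords.escape(text)}"
end

# Runs a command string through sh; returns [combined output, success flag].
def run_in_shell(command)
  out, status = Open3.capture2e("sh", "-c", command)
  [out, status.success?]
end

# Fix 2: argument-vector form, so no shell ever parses the text.
def run_without_shell(text)
  out, status = Open3.capture2e(*TOOL, text)
  [out, status.success?]
end

# Constructed inputs mirroring the three cases in the issue.
SAMPLES = ["Hello, 'world'", "Hello, 'world", "Hello, '; echo INJECTED #"].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |text|
    puts "input:      #{text.inspect}"
    puts "  unsafe:   #{run_in_shell(unsafe_command(text)).inspect}"
    puts "  escaped:  #{run_in_shell(escaped_command(text)).inspect}"
    puts "  no shell: #{run_without_shell(text).inspect}"
  end
end
```

Only the unsafe form drops the quotes, fails to parse, or runs the second command; both fixes hand the text through unchanged.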