Clink incorrectly shows certain commands as quoted

chrisant996 / clink

Bash's powerful command line editing in cmd.exe

https://chrisant996.github.io/clink/

GNU General Public License v3.0

3.44k stars 135 forks source link

Clink incorrectly shows certain commands as quoted #654

Closed gamer191 closed 1 month ago

gamer191 commented 1 month ago

The command echo "hi^"&calc" will show everything after the word "echo" as quoted (yellow). This is incorrect, because the quotes escape the escape character, leaving the 2nd quote unescaped

This could be a minor security issue, as users could hypothetically be social engineered into running a command with an escaped end quote

chrisant996 commented 1 month ago

Thanks for reporting this.

This led to finding lots of subtle quirks in parsing of ^ and " and @ in various contexts.

chrisant996 commented 1 month ago

Several recent commits have fixed this, and various related quirks.