firecat53 / urlscan

Mutt and terminal url selector (similar to urlview)
GNU General Public License v2.0

add option to pipe URL into external command #77

Closed Arvedui closed 5 years ago

Arvedui commented 5 years ago

This is useful because URLs may contain characters that are interpreted by the shell, which may prevent the command specified with --run from working. This way the url never sees the URL and cannot mess anything up.

firecat53 commented 5 years ago

Sorry...haven't had time to take a look at this yet. Just wanted to let you know!

firecat53 commented 5 years ago

Can you give me an example of a URL and a command that would trigger the behavior you mentioned?

Also, this should be documented in the README in addition (perhaps with an example to show why it would be needed).

Thanks!

Arvedui commented 5 years ago

If you execute `echo "https://example.com/foo;bar" | urlscan --run 'echo {} | xclip -i -selection clipboard'` and then try to copy it into the clipboard with Enter, nothing will happen, because the shell will interpret `bar` as a command. Ampersands also break this, and possibly other characters that are special in the shell. Now that I think about this again, this may actually be a security hole allowing arbitrary command execution.

Quoting might also be an option, and there is `shlex.quote` for that. But I prefer a pipe solution because it makes this problem completely impossible. Quoting the string should probably be done either way though.

firecat53 commented 5 years ago

Hmm. If you change your example to: `echo "https://example.com/foo;bar" | urlscan --run 'echo "{}" | xclip -i -selection clipboard'` then it works fine. Isn't that just classic BASH quoting? If that works, is there still a reason to pipe the url into xclip instead?

Edit: I played around some more and I can see the utility of the pipe you added. Pretty minimal use case, but doesn't cost anything to add it :smile:
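The three hand-off modes discussed in this thread (raw `{}` substitution, `shlex.quote` before substitution, and piping the URL to stdin) compared side by side, as an added example that is not urlscan's own code. The function names are hypothetical, `cat` stands in for `xclip` so the result can be captured, and the sample URLs are constructed from the characters named above.

```python
import shlex
import subprocess

# Constructed sample URLs containing the shell-special characters named in the thread.
SAMPLE_URLS = [
    "https://example.com/foo;bar",
    "https://example.com/search?a=1&b=2",
]

def _sh(cmd, stdin_text=""):
    """Run cmd through /bin/sh and return what reached stdout, trimmed."""
    proc = subprocess.run(cmd, shell=True, input=stdin_text,
                          capture_output=True, text=True)
    return proc.stdout.strip()

def run_substituted(template, url):
    """Paste the raw URL into the command line; the shell parses its characters."""
    return _sh(template.replace("{}", url))

def run_quoted(template, url):
    """Escape the URL with shlex.quote first (the template leaves {} unquoted)."""
    return _sh(template.replace("{}", shlex.quote(url)))

def run_piped(command, url):
    """Write the URL to the command's stdin; it never appears on the command line."""
    return _sh(command, stdin_text=url)

def compare(url):
    """Return what the downstream command received under each hand-off mode."""
    return {
        "substituted": run_substituted("echo {} | cat", url),
        "quoted": run_quoted("echo {} | cat", url),
        "piped": run_piped("cat", url),
    }

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        for mode, got in compare(url).items():
            status = "intact" if got == url else "ALTERED"
            print(f"{mode:12} {status:8} {got!r}")
```

In the substituted mode the downstream command receives only the part of the URL before the first `;` or `&`; in the other two modes it receives the URL unchanged.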

firecat53 commented 5 years ago

Ok, I made a few adjustments and updated README and manpage. Check it out on the develop branch and proofread my changes, if you'd be so kind!

Arvedui commented 5 years ago

Looks good, thank you!