joshtriplett closed this 7 years ago
cc @alexcrichton
According to this Stack Overflow post, the best approach might actually be to have a simple whitelist and then single-quote the contents, since all that then needs to be escaped are single quotes: http://stackoverflow.com/a/20053121
@sfackler Probably safer, and definitely more maintainable, yes.
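The allowlist-then-single-quote approach discussed in the two comments above, as an added example that is not part of the thread or the project's own code. The function name `sh_quote` and the exact set of allowlisted bytes are assumptions chosen for illustration.

```rust
use std::borrow::Cow;

/// Bytes passed through unquoted. This allowlist is an assumption made for
/// the example: it is deliberately small, so anything unexpected (spaces,
/// `$`, backticks, `~`, `=`, newlines, non-ASCII) falls through to quoting.
fn is_safe(b: u8) -> bool {
    b.is_ascii_alphanumeric() || matches!(b, b'_' | b'-' | b'.' | b'/' | b',' | b':' | b'@' | b'+')
}

/// Quote `arg` so a POSIX shell reads it back as exactly one word.
/// Inside single quotes the shell treats every byte literally, so the only
/// character that needs handling is the single quote itself.
pub fn sh_quote(arg: &str) -> Cow<'_, str> {
    // An empty string must still be quoted, or the argument disappears.
    if !arg.is_empty() && arg.bytes().all(is_safe) {
        return Cow::Borrowed(arg);
    }
    let mut out = String::with_capacity(arg.len() + 2);
    out.push('\'');
    for ch in arg.chars() {
        if ch == '\'' {
            // Close the quoted run, emit an escaped quote, reopen: '\''
            out.push_str("'\\''");
        } else {
            out.push(ch);
        }
    }
    out.push('\'');
    Cow::Owned(out)
}

fn main() {
    // Constructed sample inputs.
    let samples = ["plain-file.txt", "", "two words", "it's", "$(id); `x` | y", "line\nbreak"];
    for s in &samples {
        println!("{:?} -> {}", s, sh_quote(s));
    }
}
```

Quoting only makes the shell read the value as one word; a value that starts with `-` can still be taken as an option by the program that receives it.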
The UNIX implementation only escapes the following characters:
It should escape at least the following characters (and possibly others):