Open comex opened 6 years ago
This has nothing to do with the escaping behaviour of zsh
in general but with the echo
builtin.
Consider your first example, if you disable special treatment of these escapes with -E
, you'll get:
$ echo -E '\\\x41'
\\\x41
Here is an strace
of the same but using echo
from coreutils:
$ strace -f -e trace=execve echo '\\\x41'
execve("/run/current-system/sw/bin/echo", ["echo", "\\\\\\x41"], 0x7ffcfa679bc0 /* 68 vars */) = 0
\\\x41
+++ exited with 0 +++
Given:
bash
and other POSIX-compliant shells pass the contents through unmangled:but
zsh
parses both\\
and\x41
, producing:This does not render
shell-escape
's escaping insecure, because zsh doesn't allow escaping the closing single quote – i.e.'\'
is valid and produces a backslash. However, it does render it incorrect in some cases. For maximum compatibility, it would be best ifshell-escape
treated\
similarly to'
and!
.