> On 16 Feb 2022, at 11:43 am, Wietse Venema <wie...@porcupine.org> wrote:
>
>> Users who want an unsanitised form of the queue content should
>> consume JSON.
>
> Unsanitized but json-escaped. If people want to unescape that, then
> they have to write extra code, so 'unsanitized' would still be safe
> for naive scripts.
When represented as JSON.
> I think I missed that "jq -r" output is still json-escaped. In that
> light, is there any need for 3.7-style sanitization of json output?
> We could still revert that early in 3.7.1; I doubt that this would
> break things already.
Actually, no, with "-r" not only are quotes removed, but also escaped
forms are converted back to the underlying UTF-8 form, and control
characters are output verbatim (as newlines, ESC, ...).
--
Viktor.
