> >
> > I was wondering, is there a general way to escape the string entered
> > by the user, to prevent code injection into command line?
>
> Take a look at the "string-escape" encoding:
>
> >>> evil = "'; rm -rf /;"
> >>> command = "echo '%s'"
> >>> print command % evil.encode('string-escape')
> echo '\'; rm -rf /;'

Cool, thanks! Next time I'll study stdlib better before asking the question :)

--
Ksenia
--
http://mail.python.org/mailman/listinfo/python-list
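Added example, not part of the thread: it checks how POSIX quoting rules parse the command line from the exchange above, next to `shlex.quote` and to passing the value as its own argument with no shell involved. Under POSIX rules a backslash has no special meaning inside single quotes. `backslash_escape` is a hypothetical stand-in for what the Python 2 `string-escape` codec does to this input, and the other helper names are assumptions too.

```python
import shlex
import subprocess
import sys

# The hostile input from the thread; it is only ever handled as data here.
EVIL = "'; rm -rf /;"


def backslash_escape(value):
    """Stand-in (assumption) for the effect of Python 2's 'string-escape'
    codec on this input: backslashes and single quotes get a backslash."""
    return value.replace("\\", "\\\\").replace("'", "\\'")


def stays_one_argument(command, value):
    """True if POSIX quoting rules parse `command` as exactly ['echo', value]."""
    try:
        return shlex.split(command) == ["echo", value]
    except ValueError:  # unbalanced quote: the input broke out of the quoting
        return False


def echo_without_shell(value):
    """Pass the value as one argv element; no shell ever parses it."""
    child = [sys.executable, "-c",
             "import sys; sys.stdout.write(sys.argv[1])", value]
    done = subprocess.run(child, capture_output=True, text=True, check=True)
    return done.stdout


if __name__ == "__main__":
    escaped = "echo '%s'" % backslash_escape(EVIL)
    quoted = "echo %s" % shlex.quote(EVIL)
    print(escaped, "->", stays_one_argument(escaped, EVIL))
    print(quoted, "->", stays_one_argument(quoted, EVIL))
    print(repr(echo_without_shell(EVIL)))
```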
