Ok, here's a RCE example)
const arg = '"hello" && echo "rm -rf ./ may be here"';
const cmd = `echo ${arg}`;
Key tip: you need to understand the boundaries of the arguments and escape the characters that can violate them.
Thanks, now I get it. Passing user input in such commands can be dangerous. Similar to the way SQL injection attacks happen by ill-formatted arguments.
I would surely put some disclaimer on that.
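The argument-boundary point from the comments above, as an added example that is not part of the original thread: the same kind of input passed through a shell string, as a single argv element with no shell, and through POSIX single-quoting. It assumes Node.js on a POSIX system with `/bin/sh`; the function names and the sample input are constructed for illustration.

```javascript
const { execSync, execFileSync } = require('node:child_process');

// Constructed "user input": same shape as the comment's payload,
// with a harmless marker as the second command.
const arg = '"hello" && echo "INJECTED"';

// Vulnerable: the whole string is parsed by /bin/sh, so `&&` ends the
// first command and the rest of the input runs as a second command.
function runInterpolated(input) {
  return execSync(`echo ${input}`, { encoding: 'utf8' });
}

// Preferred: no shell is involved. The input is exactly one argv element,
// so quotes and `&&` are plain bytes handed to the echo program.
function runArgv(input) {
  return execFileSync('echo', [input], { encoding: 'utf8' });
}

// When a shell string is unavoidable: POSIX single-quoting. Inside '...'
// nothing is special except ' itself, which is written as '\''.
function shQuote(input) {
  return "'" + String(input).replace(/'/g, "'\\''") + "'";
}

function runQuoted(input) {
  return execSync(`echo ${shQuote(input)}`, { encoding: 'utf8' });
}

// Show what each variant actually produced.
console.log('interpolated:', JSON.stringify(runInterpolated(arg)));
console.log('argv array:  ', JSON.stringify(runArgv(arg)));
console.log('sh-quoted:   ', JSON.stringify(runQuoted(arg)));
```

`shQuote` covers POSIX shells only; `cmd.exe` and PowerShell parse command lines differently, which is one more reason to prefer the argv form.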