cc'ing the list again, since my reply has Timo's code formatted in a more
readable & useful way-

On Wed, Mar 8, 2017 at 1:58 AM, ToddAndMargo <toddandma...@zoho.com> wrote:

> Are you saying that someone could go into a module, alter the code,
> then catch a root level program calling the module and use it
> to wreck havoc on a system?
>

No, my main intent is showing that the code won't copy a string with a quote
in it, and can have unintended side effects.

Right now perhaps you don't need to copy a quote and it's all good for what
it's doing. A few years from now you might find a different use for the
module and forget about that limitation, and then spend some time debugging
when it doesn't work once in a while.

Or maybe someone else will see the thread after searching for "perl6
clipboard" & use the code in an open-source command-line tool. Then a 3rd
party decides that tool is just the thing to let their web app interact
with a back-end utility. Then a black-hat hacker looks at source, sees the
code is being used to paste a filename into some server-side tool, and
uploads a file with a quote & pipe in its name to get the webserver to
execute some commands. Stranger things happen!

But mostly, it's theoretical, and I (and Timo too I think) hope you'll
"get" what's going on behind the scenes, and know how to get input into
command-line tools safely.


> This guy's module
>     https://github.com/kmwallio/p6-OS-Clipboard
> has the same "flaw" all over it as he is using a pipe and xclip.


That code does something to keep that flaw from happening. Try sending my
weird string through his code, and it will go in the clipboard exactly as it
ought to with no side effect.

> Now the question arises, how does one write to the "clipboard"
> (not the primary) without using a pipe or xclip?


Keep using xclip, in the way Timo wrote about. He embedded it in a single
line so it looked tricky, here it is reformatted into a sub (and with
"-loops 1" removed since xclip will exit on its own when something else
writes to the clipboard, and with "say" changed to "print" so we don't add
an extra newline):

sub WriteSecondaryClipboard ( $Str ) {     # <ctrl><c>
  # run() takes the program and each of its arguments separately and never
  # goes through a shell, so a quote or pipe in $Str has nothing to break.
  # 'clipboard' is the selection that <ctrl><c>/<ctrl><v> use (not 'primary').
  my $proc = run 'xclip', '-selection', 'clipboard', :in, :out; # This runs xclip in a background process
  $proc.in.print: $Str;          # This pipes to xclip safely! All special chars, even control characters, go into the xclip $proc
  $proc.in.close;                # This sends the EOF
  $proc.out.slurp-rest(:close);  # This makes sure the process isn't waiting to write anything
}

WriteSecondaryClipboard "hello | touch BadFile.txt \n ls \n #Comment all you like \n \" even a | quote is OK! \" ";


Now, I can't actually test the above, because I don't have access to a
Linux host at the moment! I mostly run on Windows! So you'll have to tell
me if that code is as good as I hope it is. (And alas I cannot run the
ReadPrimaryClipboard example you sent.)

-y
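The contrast the message describes, as an added example that is not Timo's code or anything from the thread: `via-shell` is the pattern that breaks on a quote (the string is interpolated into a shell command line), `via-pipe` is the run/:in pattern with `cat` standing in for xclip so it runs without a display, and `clipboard-roundtrip` is the write-then-read-back check against xclip that needs X. The sub names and the sample string are my own.

```raku
# Added example (not Timo's code or the thread's): the unsafe pattern beside
# the safe one. `cat` stands in for xclip so the comparison runs anywhere.

# The pattern the thread warns about: $s is pasted into a shell command line,
# so a single ' in it ends the quote and the rest is parsed as shell syntax.
sub via-shell(Str $s --> Str) {
    my $proc = shell "printf '%s' '$s' | cat", :out, :err;
    $proc.out.slurp(:close);
}

# Timo's pattern: run() gets the program and its arguments one by one, no
# shell is involved, and the data travels over the child's stdin as bytes.
sub via-pipe(Str $s, *@cmd --> Str) {
    my $proc = run |@cmd, :in, :out;
    $proc.in.print: $s;      # quotes, pipes, newlines all go through untouched
    $proc.in.close;          # EOF tells the child the data is complete
    $proc.out.slurp(:close);
}

# Real check against xclip (needs an X display): write to the CLIPBOARD
# selection (what <ctrl><v> pastes), then read it back with -o and compare.
# No :out on the writer, so we never wait on the xclip that stays in the
# background serving pastes.
sub clipboard-roundtrip(Str $s --> Bool) {
    my $w = run 'xclip', '-selection', 'clipboard', :in;
    $w.in.print: $s;
    $w.in.close;
    my $r = run 'xclip', '-selection', 'clipboard', '-o', :out;
    $r.out.slurp(:close) eq $s;
}

# Constructed input: a pipe and a quote, the two characters the thread is about.
my $weird = q{hello | it's "quoted"};
say via-pipe($weird, 'cat') eq $weird;   # True
say via-shell($weird) eq $weird;         # False: the ' breaks the shell quoting
```

The shell version fails at parse time here (unterminated quote), so nothing after the quote runs; with a differently shaped string the remainder would be executed as commands, which is the risk the message describes.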
