Re: insistence that format string for printf to use single quotes
From: Kerin Millar
Subject: Re: insistence that format string for printf to use single quotes
Date: Sun, 29 Jan 2023 11:05:24 +0000
On Sun, 29 Jan 2023 03:58:59 +0100 (CET)
Hans Lonsdale <hanslonsdale@mailfence.com> wrote:
>
>
> > ----------------------------------------
> > From: Greg Wooledge <greg@wooledge.org>
> > Date: Jan 29, 2023, 5:13:33 AM
> > To: <help-bash@gnu.org>
> > Subject: Re: insistence that format string for printf to use single quotes
> >
> >
> > On Sat, Jan 28, 2023 at 02:37:37AM +0100, Hans Lonsdale wrote:
> > > A work mate is insisting that the format string for printf should
> > > always be enclosed by single quotes.
> >
> > As a default policy, that's sound. There will be cases where the quotes
> > may be omitted safely (e.g. when the format is just %s with nothing else),
> > but it's never wrong to add them.
>
> The insistence is about something a bit different though. The insistence is
> that the format quoting should be done with single quotes and never with
> double quotes. Is such insistence sound?
It helps to protect against accidental format string injection because single
quotes impede various forms of expansion, whereas double quotes do not.
Naturally, there are legitimate use cases for dynamically composing a format
string, so to say never is extreme. Still, ask of yourself whether such is the
intent on each occasion that you use printf in your projects. You may well find
that, in the majority of cases, there is no such intent. In that case, a
preference for single quotes is probably justifiable. I, myself, tend towards
single quotes for anything more complex than the likes of %s, except where the
format string must contain single quotes.
--
Kerin Millar
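
The difference described in the reply above, as an added example that is not part of the original message: the function names and sample strings are constructed for illustration. It also shows one deliberate dynamic format, where only a validated width is interpolated and the data still goes through `%s`.

```shell
#!/bin/sh
# Added example; function names and sample input are hypothetical/constructed.

# Double-quoted format: the shell expands $1 before printf runs, so the
# data becomes part of the format and its % and \ sequences are interpreted.
greet_expanded() {
    printf "Hello, $1\n"
}

# Single-quoted format: the shell expands nothing inside it. The data is
# passed as a separate argument and printed verbatim by %s.
greet_literal() {
    printf 'Hello, %s\n' "$1"
}

# Deliberately dynamic format: only the field width is interpolated, and
# only after checking that it consists of digits. Returns 2 otherwise.
pad_field() {
    case $1 in
        ''|*[!0-9]*) return 2 ;;
    esac
    printf "%-${1}s|\n" "$2"
}

# Constructed sample input containing a directive and a backslash escape.
sample='100%s\tdone'

greet_expanded "$sample"   # %s consumes a missing argument, \t becomes a tab
greet_literal "$sample"    # printed exactly as supplied
pad_field 6 'ab%d'         # width comes from the format, text stays literal
```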