Wednesday, November 05, 2008
Windows command line special characters
If, at some point, you find it necessary to pass untrusted user input along in the command line, here is my list of special characters on the MS-DOS command line. This list comes from http://www.robvanderwoude.com/escapechars.html. (I also enjoyed his useless tips page. That's entertainment.)
Escape character: ^
Whitespace: (space) (carriage returns and linefeeds)
Parameters: / (not inherent but many command line apps parse for this)
Quite a long list. Trying to sanitize a command line is a horrible idea, especially for security so it's best avoided but sometimes it's not an option.