Wednesday, November 05, 2008

 

Windows command line special characters

If, at some point, you find it necessary to pass untrusted user input along in the command line, here is my list of special characters on the MS-DOS command line. This list comes fromĀ http://www.robvanderwoude.com/escapechars.html. (I also enjoyed his useless tips page. That's entertainment.)

Redirection: <>|
Quotes: "
Escape character: ^
Whitespace: (space) (carriage returns and linefeeds)
Conditionals: |&
Parameters: / (not inherent but many command line apps parse for this)

Quite a long list. Trying to sanitize a command line is a horrible idea, especially for security so it's best avoided but sometimes it's not an option.

Comments: Post a Comment



<< Home

This page is powered by Blogger. Isn't yours?