chubot 2 days ago

YSH addresses the "string safety" problem:

What is YSH? https://oils.pub/ysh.html

I am writing a quoting module now, but the key point is that it's a powerful enough language to do so. It is more like Python or JS; you don't have to resort to sed to parse and quote strings.

I posted the quote-argv solution above -- in YSH it will likely be:

    var argv = :| ls 'arg with space' |   # like bash argv=()
    ssh example.com $[quote.sh(argv)]
But you can write such a function NOW if you like

---

quote.sh follows the (subtle) idiom of replacing a single quote ' with

    '\''
which means it works on systems with remote POSIX sh, not just YSH !

e.g. "isn't" in POSIX shell is quoted as

    'isn'\''t'
which is these three word parts:

    'isn' \' 't'
YSH also has:

- JSON, which can correctly round trip every Unicode string, without writing your own parsing functions

- JSON8, an optional extension that can round trip every byte string you get from the Unix kernel

https://oils.pub/release/latest/doc/j8-notation.html

1
hello_computer 2 days ago

I like it. Hope it gets some traction.

1 reply
chubot 2 days ago

It also fixes the problem with eval that is shared with ssh:

    ysh-0.29$ eval ls $dir
      eval ls $dir
      ^~~~
    [ interactive ]:11: 'eval' requires exactly 1 argument
And it fixes word evaluation

YSH Doesn't Require Quoting Everywhere - https://www.oilshell.org/blog/2021/04/simple-word-eval.html

https://oils.pub/release/latest/doc/simple-word-eval.html