francesca francesca - 11 months ago 83
Bash Question

How do I escape command injection in node child_process?

I'm adding arguments to

command using string concatenation and they are ignored

var exec = require( "child_process" ).exec;

var cmd = exec( "grunt build --project="+application, {
cwd: application
function( error, stdout, stderr ){});

cmd.stdout.pipe( process.stdout );
cmd.stderr.pipe( process.stderr );

Why is string concatenation a problem and how to avoid it?

Answer Source

Check your grunt build task to see if there is anything wrong. There is nothing wrong in your code with string concatenation in child_process.exec