francesca francesca - 8 months ago 70
Bash Question

How do I escape command injection in node child_process?

I'm adding arguments to

command using string concatenation and they are ignored

var exec = require( "child_process" ).exec;

var cmd = exec( "grunt build --project="+application, {
cwd: application
function( error, stdout, stderr ){});

cmd.stdout.pipe( process.stdout );
cmd.stderr.pipe( process.stderr );

Why is string concatenation a problem and how to avoid it?


Check your grunt build task to see if there is anything wrong. There is nothing wrong in your code with string concatenation in child_process.exec