Quote Unicode arguments to be passed through the Unix shell.
If you are escaping ASCII-only strings, use
System.Posix.Escape as a safer
If you are escaping untrusted input, you must guarantee that the Unicode
characters of the escaped
String will be serialized using the character
encoding expected by
Some software incorrectly interprets characters as bytes, and will use only the
low 8 bits of each Unicode code point. This includes version 1.0 of the
process package, which is bundled with GHC 7.0. Under such
circumstances this module will not prevent malicious input from escaping the
This bug was fixed in
process-1.1, which ships with GHC 7.2:
To repeat: Escaping untrusted input using this module and passing it to the
process package in GHC 7.0 is NOT SAFE and can allow MALICIOUS CODE
System.Posix.Escape as a safer alternative.
String so it can be used within a Unix shell command line, and
end up as a single argument to the program invoked.