safeSpawn bypasses XMonad's spawn command, because spawn passes
strings to /bin/sh to be interpreted as shell commands. This is
often what one wants, but in many cases the passed string will contain
shell metacharacters which one does not want interpreted as such (URLs
particularly often have shell metacharacters like '&' in them). In
this case, it is more useful to specify a file or program to be run
and a string to give it as an argument so as to bypass the shell and
be certain the program will receive the string as you typed it.
unsafeSpawn is an alias for XMonad's spawn, to remind one that use
of it can be, well, unsafe.
, ((modMask, xK_Print), unsafeSpawn "import -window root png:$HOME/xwd-$(date +%s)$$.png")
, ((modMask, xK_d ), safeSpawn "firefox" "")
Note that the unsafeSpawn example must be unsafe and not safe because
it makes use of shell interpretation by relying on $HOME and
interpolation, whereas the safeSpawn example can be safe because
Firefox doesn't need any arguments if it is just being started.