On Fri, 26 Sep 2014, Roy Marples wrote:
Log Message: Remove \$ as a hidden marker as vis(3) wasn't setting it and it clobbered VIS_SHELL | VIS_CSTYLE.This is wrong. "vis -l" outputs \$, and with this change, unvis won't correctly handle it.unvis is not intended to reverse shell-style escapes. You can use the shell's eval command for that.Doesn't eval kind of defeat the purpose of shell sanitisation which VIS_SHELL is supposed to achieve? I can always add $ to "the don't encode this" list for VIS_CSTYLE.
Yes, eval should be avoided if the input in untrusted.If unvis needs to handle both meanings of \$ (end of line for output from "vis -l", or '$' for output from the new shell escaping variant of vis) then it will need a flag to distinguish the cases. Or vis can be changed to use \044 instead of \$ in the shell escaping case, which I guess is what you meant by the "don't encode this" list.
--apb (Alan Barrett)