diff options
Diffstat (limited to 'Doc/library/subprocess.rst')
-rw-r--r-- | Doc/library/subprocess.rst | 7 |
1 files changed, 2 insertions, 5 deletions
diff --git a/Doc/library/subprocess.rst b/Doc/library/subprocess.rst index 85d0f46..292f8be 100644 --- a/Doc/library/subprocess.rst +++ b/Doc/library/subprocess.rst @@ -718,11 +718,8 @@ If the shell is invoked explicitly, via ``shell=True``, it is the application's responsibility to ensure that all whitespace and metacharacters are quoted appropriately to avoid `shell injection <https://en.wikipedia.org/wiki/Shell_injection#Shell_injection>`_ -vulnerabilities. - -When using ``shell=True``, the :func:`shlex.quote` function can be -used to properly escape whitespace and shell metacharacters in strings -that are going to be used to construct shell commands. +vulnerabilities. On :ref:`some platforms <shlex-quote-warning>`, it is possible +to use :func:`shlex.quote` for this escaping. Popen Objects |