@@ -293,19 +293,28 @@ example, when searching for a tag that matches ``a\?b``, if using a filter
293293expression like ``'(eq? $name "a\?b")' ``, since ``\? `` is translated into a
294294single ``? `` by readtags, it actually searches for ``a?b ``.
295295
296- Another problem is if a single quote appear in filter expressions (which is
297- also wrapped by single quotes), it terminates the expression, producing broken
298- expressions, and may even cause unintended shell injection. Single quotes can
299- be escaped using ``'"'"' ``.
296+ Another problem is: If the client tools talks to readtags not by subprocess
297+ directly, but through a shell, then if a single quote appear in filter
298+ expressions (which is also wrapped by single quotes), it terminates the
299+ expression, producing broken expressions, and may even cause unintended shell
300+ injection. Single quotes can be escaped using ``'"'"' ``.
300301
301302So, client tools need to:
302303
303304* Replace ``\ `` by ``\\ ``
304- * Replace ``' `` by ``'"'"' ``
305+ * Replace ``' `` by ``'"'"' ``, if it talks to readtags through a shell.
305306
306307inside the expressions. If the expression also contains strings, ``" `` in the
307308strings needs to be replaced by ``\" ``.
308309
310+ Another thing to notice is that missing fields are represented by ``#f ``, and
311+ applying string operators to them will produce an error. You should always
312+ check if a field is missing before applying string operators. See the
313+ "Filtering" section in :ref: `readtags(1) <readtags(1) >` to know how to do this. Run "readtags -H
314+ filter" to see which operators take string arguments.
315+
316+ Build Filter/Sorter Expressions using Lisp Languages
317+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
309318Client tools written in Lisp could build the expression using lists. ``prin1 ``
310319(in Common Lisp style Lisps) and ``write `` (in Scheme style Lisps) can
311320translate the list into a string that can be directly used. For example, in
@@ -317,11 +326,13 @@ EmacsLisp:
317326 (prin1 `(eq? $name ,name)))
318327 => "(eq\\? $name "hi")"
319328
320-
321- proper escaping so the expression readtags gets is just the expression passed
322- into ``write ``. Common Lisp style Lisps may produce unrecognized escape
323- sequences by readtags, like ``\# ``. Readtags provides some aliases for these
324- Lisps:
329+
330+
331+ Escape sequences produced by ``write `` in Scheme style Lisps are exactly those
332+ supported by readtags, so any legal readtags expressions can be used. Common
333+ Lisp style Lisps may produce escape sequences that are unrecgonized by
334+ readtags, like ``\# ``, so symbols that contain "#" can't be used. Readtags
335+ provides some aliases for these Lisps, so they should:
325336
326337* Use ``true `` for ``#t ``.
327338* Use ``false `` for ``#f ``.
@@ -330,14 +341,9 @@ Lisps:
330341 ``(string->regexp "PATTERN" :case-fold true) `` for ``#/PATTERN/i ``. Notice
331342 that ``string->regexp `` doesn't require escaping "/" in the pattern.
332343
333- Notice that even when the client tool uses this method, ``' `` still needs to be
334- replaced by ``'"'"' `` to prevent broken expressions and shell injection.
335-
336- Another thing to notice is that missing fields are represented by ``#f ``, and
337- applying string operators to them will produce an error. You should always
338- check if a field is missing before applying string operators. See the
339- "Filtering" section in :ref: `readtags(1) <readtags(1) >` to know how to do this. Run "readtags -H
340- filter" to see which operators take string arguments.
344+ Notice that if the client tool talks to readtags through a shell, then in the
345+ produced string, ``' `` still needs to be replaced by ``'"'"' `` to prevent
346+ broken expressions and shell injection.
341347
342348Parse Readtags Output
343349~~~~~~~~~~~~~~~~~~~~~
0 commit comments