Re^2: Browser::Open Windows metacharacters

Thank you for your help, and expecially for pointing to Win32::ShellQuote that I was not aware of. I found that having Browser::Open this shortcoming, the easiest solution for my case is the following script I found here. It just works, and for the moment I do not see any drawback:

sub openurl {
  my $url = shift;
  my $platform = $^O;
  my $cmd;
  if    ($platform eq 'darwin')  { $cmd = "open \"$url\"";       }  # 
+OS X
  elsif ($platform eq 'MSWin32' or $platform eq 'msys') { $cmd = "star
+t \"\" \"$url\""; } # Windows native or MSYS / Git Bash
  elsif ($platform eq 'cygwin')  { $cmd = "cmd.exe /c start \"\" \"$ur
+l \""; } # Cygwin; !! Note the required trailing space.
  else { $cmd = "xdg-open \"$url\""; }  # assume a Freedesktop-complia
+nt OS, which includes many Linux distros, PC-BSD, OpenSolaris, ...
  if (system($cmd) != 0) {
    die "Cannot locate or failed to open default browser; please open 
+'$url' manually.";
  }
}
[download]

Comment on Re^2: Browser::Open Windows metacharacters Download Code

Replies are listed 'Best First'.
Re^3: Browser::Open Windows metacharacters by Anonymous Monk on Dec 09, 2018 at 22:01 UTC
Make sure you trust the source of the URLs. Otherwise it's still a shell injection: try passing a `$url = q["$(touch ~/hello.txt)"]` if you're on Linux or maybe `$url = q["&calc&"]` on Windows (not sure about the CMD syntax, but it's definitely possible to construct a string that would cause a command to be run when wrapped in double quotes).	[reply] [d/l] [select]
Re^4: Browser::Open Windows metacharacters by IB2017 (Pilgrim) on Dec 09, 2018 at 22:13 UTC
Thank you for pointing me to this threat. In this case my script generates the URLs, so it should be fine.	[reply]