MCPcopy Index your code
hub / github.com/codeaashu/claude-code / cmdQuote

Function cmdQuote

src/utils/deepLink/terminalLauncher.ts:553–557  ·  view source on GitHub ↗

* cmd.exe argument quoting. cmd.exe does NOT use CommandLineToArgvW-style * backslash escaping — it toggles its quoting state on every raw " * character, so an embedded " breaks out of the quoted region and exposes * metacharacters (& | < > ^) to cmd.exe interpretation = command injection. * *

(arg: string)

Source from the content-addressed store, hash-verified

551 * \ before our closing " would eat the close-quote.
552 */
553function cmdQuote(arg: string): string {
554 const stripped = arg.replace(/"/g, '').replace(/%/g, '%%')
555 const escaped = stripped.replace(/(\\+)$/, '$1$1')
556 return `"${escaped}"`
557}
558

Callers 1

launchWindowsTerminalFunction · 0.85

Calls

no outgoing calls

Tested by

no test coverage detected