[FFmpeg-devel] Escaping from the escaping madness
Michael Niedermayer
michaelni at gmx.at
Thu Nov 15 15:38:43 CET 2012
On Thu, Nov 15, 2012 at 03:11:53PM +0100, Nicolas George wrote:
> Hi.
>
> With filters and options and various parsers, we have reached a point where
> some part of options need to be escaped four times. This is insane and very
> user-unfriendly. We may want to look for solutions.
fully agree
>
> 1. Rework the parsing mechanism to reduce the need for escaping. For
> example, "foo,bar\\:qux" parsed into "foo" and "bar\:qux", and then the
> second into "bar" and "qux": it would be possible to rework the parser to
> avoid the need for doubling the backslash.
>
> I am rather against this solution, because it is probably quite complex
> to implement, and also because it is very program-unfriendly: if you are
> using ffmpeg directly, you can fiddle with escaping until you find the
> right level, but if you are writing a program that calls ffmpeg or the
> library API, you need accurate and predictable rules for escaping level
> interactions.
>
> 2. Read from files. It solves the problem, but it is rather annoying:
> creating temporary files and ensuring that they are cleaned up is always
> a hassle, and also a security concern if done improperly; it also raises
> security issues by itself ("-vf drawtext=text=@</etc/passwd" anyone?).
> Not a very good general solution IMHO.
>
> 3. Use environment variables. It can be a very easy and immediate fix: patch
> av_get_token so that if the string is "optional spaces; dollar sign;
> alphanumeric characters; optional spaces; end of string or delimiter", it
> returns the contents of the corresponding environment variable. Then it
> is only a matter of putting enough (2^n) backslashed in front of the
> dollar.
>
> I can propose a patch rather soon if people think it is a good idea.
>
> 4. Use configurable and/or asymmetric quotes. In Perl, instead of "foo", you
> can write q/foo/, and then you do not need to escape the double-quote
> (but you need to escape the slash instead); even better, you can write
> q{foo}, and then you only need to escape the braces if they do not nest
> properly. Similar concern: in shell, $(cmd) is preferred to `cmd` because
> parentheses will be matched and avoid escaping madness for nested command
> expansions. Another example: in M4, strings are quoted using `...', and
> can be nested if the quotes properly match.
>
> We could adopt a similar scheme for ffmpeg.
>
> Also, notice that we are in the XXIth century: Unicode exists, and has a
> hoard of quote pairs that nobody uses:
>
> U+2039 SINGLE LEFT-POINTING ANGLE QUOTATION MARK
> U+203A SINGLE RIGHT-POINTING ANGLE QUOTATION MARK
> U+275B HEAVY SINGLE TURNED COMMA QUOTATION MARK ORNAMENT
> U+275C HEAVY SINGLE COMMA QUOTATION MARK ORNAMENT
> U+275D HEAVY DOUBLE TURNED COMMA QUOTATION MARK ORNAMENT
> U+275E HEAVY DOUBLE COMMA QUOTATION MARK ORNAMENT
> U+301D REVERSED DOUBLE PRIME QUOTATION MARK
> U+301E DOUBLE PRIME QUOTATION MARK
>
> Or, simpler:
>
> U+00AB LEFT-POINTING DOUBLE ANGLE QUOTATION MARK
> U+00BB RIGHT-POINTING DOUBLE ANGLE QUOTATION MARK
> U+2018 LEFT SINGLE QUOTATION MARK
> U+2019 RIGHT SINGLE QUOTATION MARK
> U+201C LEFT DOUBLE QUOTATION MARK
> U+201D RIGHT DOUBLE QUOTATION MARK
>
> which are sometimes directly available on keyboards (at least X11/fr;
> (the first two are even in latin-1), but that some people may actually be
> using.
>
> I am not sure what is the best solution to make something without
> breaking compatibility too much, but I believe there are some solutions
> to be found.
Maybe we should make a list of typical cases where escaping is needed
and then look at how they would look with alternatives.
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
Let us carefully observe those good qualities wherein our enemies excel us
and endeavor to excel them, by avoiding what is faulty, and imitating what
is excellent in them. -- Plutarch
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20121115/7f9407bb/attachment.asc>
More information about the ffmpeg-devel
mailing list