|
| 1 | +--- |
| 2 | +title: Escape |
| 3 | +layout: default |
| 4 | +nav_order: 7 |
| 5 | +parent: Recipes |
| 6 | +--- |
| 7 | + |
| 8 | +# Escape Recipes |
| 9 | + |
| 10 | +Source: `escape.spq` |
| 11 | + |
| 12 | +Functions for safely escaping values for CSV, TSV, and shell contexts, plus |
| 13 | +patterns for safe text ingestion from shell pipelines. |
| 14 | + |
| 15 | +--- |
| 16 | + |
| 17 | +## sk_csv_field |
| 18 | + |
| 19 | +Escapes a string for use as a CSV field per RFC 4180. Wraps in double quotes |
| 20 | +and doubles internal quotes when the value contains commas, quotes, or |
| 21 | +newlines. Plain values pass through unchanged. |
| 22 | + |
| 23 | +**Type:** function |
| 24 | + |
| 25 | +| Argument | Description | |
| 26 | +|----------|-------------| |
| 27 | +| `s` | The string to escape | |
| 28 | + |
| 29 | +```supersql |
| 30 | +sk_csv_field('plain') |
| 31 | +-- => 'plain' |
| 32 | +
|
| 33 | +sk_csv_field('hello, world') |
| 34 | +-- => quoted and wrapped |
| 35 | +``` |
| 36 | + |
| 37 | +--- |
| 38 | + |
| 39 | +## sk_csv_row |
| 40 | + |
| 41 | +Builds a CSV row from an array of values. Each element is cast to string and |
| 42 | +escaped with sk_csv_field, then joined with commas. |
| 43 | + |
| 44 | +**Type:** function |
| 45 | + |
| 46 | +| Argument | Description | |
| 47 | +|----------|-------------| |
| 48 | +| `arr` | Array of values to format as a CSV row | |
| 49 | + |
| 50 | +--- |
| 51 | + |
| 52 | +## sk_shell_quote |
| 53 | + |
| 54 | +Wraps a string in POSIX shell single quotes. Internal single quotes are escaped |
| 55 | +so the result is safe for shell interpolation. Protects against injection of `$`, |
| 56 | +backticks, and other shell metacharacters. |
| 57 | + |
| 58 | +**Type:** function |
| 59 | + |
| 60 | +| Argument | Description | |
| 61 | +|----------|-------------| |
| 62 | +| `s` | The string to quote | |
| 63 | + |
| 64 | +```supersql |
| 65 | +sk_shell_quote('hello world') |
| 66 | +-- => single-quoted string |
| 67 | +
|
| 68 | +sk_shell_quote('has $var') |
| 69 | +-- => single-quoted, $ not expanded |
| 70 | +``` |
| 71 | + |
| 72 | +--- |
| 73 | + |
| 74 | +## sk_tsv_field |
| 75 | + |
| 76 | +Escapes a value for use in a TSV field. Casts to string, then replaces literal |
| 77 | +tab and newline characters with their backslash-escaped forms. |
| 78 | + |
| 79 | +**Type:** function |
| 80 | + |
| 81 | +| Argument | Description | |
| 82 | +|----------|-------------| |
| 83 | +| `s` | The value to escape | |
| 84 | + |
| 85 | +--- |
| 86 | + |
| 87 | +## Shell Patterns for Safe Text Ingestion |
| 88 | + |
| 89 | +The key insight: never interpolate untrusted text into a SuperQL string literal. |
| 90 | +Pipe raw text through `super` with `-i line` and let the serializer handle |
| 91 | +escaping. These patterns work from any language that can spawn a subprocess. |
| 92 | + |
| 93 | +### safe_text_to_record |
| 94 | + |
| 95 | +Pipe raw text into super to build a record without string interpolation. |
| 96 | + |
| 97 | +```bash |
| 98 | +echo "$text" | super -s -i line -c "values {body: this}" - |
| 99 | +``` |
| 100 | + |
| 101 | +### safe_text_to_string |
| 102 | + |
| 103 | +Pipe raw text through super to get a properly escaped SUP string literal. |
| 104 | + |
| 105 | +```bash |
| 106 | +echo "$text" | super -s -i line -c "values this" - |
| 107 | +``` |
| 108 | + |
| 109 | +### safe_multiline_to_record |
| 110 | + |
| 111 | +Collapse multiline text into a single record field. |
| 112 | + |
| 113 | +```bash |
| 114 | +echo "$text" | super -s -i line \ |
| 115 | + -c 'aggregate s:=collect(this) | values {body: join(s, "\n")}' - |
| 116 | +``` |
| 117 | + |
| 118 | +### safe_append_to_sup_file |
| 119 | + |
| 120 | +Append a timestamped record with raw text to a `.sup` file. |
| 121 | + |
| 122 | +```bash |
| 123 | +echo "$text" | super -s -i line \ |
| 124 | + -c "values {ts: now(), body: this}" - >> data.sup |
| 125 | +``` |
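Review bot: The four patterns under "Shell Patterns for Safe Text Ingestion" feed the input with `echo "$text"`, which does not pass arbitrary text faithfully: depending on the shell, `echo` treats a value such as `-n` or `-e` as an option and may interpret backslash sequences, so the bytes that reach `super` can differ from `$text`. Use `printf '%s\n' "$text" | super -s -i line ...` in all four. The section should also say that `-i line` reads one value per input line (which is why `safe_multiline_to_record` needs `collect` and `join`), so `safe_text_to_record` and `safe_append_to_sup_file` produce several records when `$text` contains newlines. In the `sk_tsv_field` section only tab and newline are listed as escaped; state whether a literal backslash is escaped as well, because otherwise the two-character text `\t` and an escaped tab cannot be told apart on read. The `sk_csv_field` and `sk_shell_quote` examples would document the behaviour better with the literal result in place of `-- => quoted and wrapped` and `-- => single-quoted string`, including a case with an embedded quote character.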