-
Notifications
You must be signed in to change notification settings - Fork 1.7k
SC2140
echo "<img src="foo.png" />" > file.htmlor
export "var"="42"echo "<img src=\"foo.png\" />" > file.htmlor
export "var=42"This warning triggers when an unquoted literal string is found suspiciously sandwiched between two double quoted strings.
This usually indicates one of:
- quotes that were supposed to be nested, and therefore need to be escaped (like the
<img>example) - quotes that are just plain unnecessary (like the
exportexample).
Without escaping, the inner two quotes of the sandwich (the end quote of the first section and the start quote of the second section) are no-ops. The following two statements are identical, so the quotes that were intended to be part of the html output are instead removed:
echo "<img src="foo.png" />" > file.html
echo "<img src=foo.png />" > file.htmlSimilarly, these statements are identical, but work as intended:
export "var"="42"
export "var=42"If you know that the quotes are ineffectual but you prefer it stylistically, you can ignore this message.
It's common not to realize that double quotes can span multiple elements, or to stylistically prefer to quote individual variables. For example, these statements are identical, but the first is laboriously and redundantly quoted:
http://"$user":"$password"@"$host"/"$path"
"http://$user:$password@$host/$path"When ShellCheck detects the first style (i.e. the double quotes include only a single element each), it will suppress the warning.