my personal sanitization test is:

[[ ! $var =~ '^[a-zA-Z_][a-zA-Z_0-9]*$' ]] && { error "msg", return 1}

Pier Paolo Grassi
linkedin: https://www.linkedin.com/in/pier-paolo-grassi-19300217
founder: https://www.meetup.com/it-IT/Machine-Learning-TO


Il giorno gio 16 apr 2020 alle ore 19:39 Bart Schaefer <
schaefer@brasslantern.com> ha scritto:

> "Sanitizing" a varname for (P) expansion is context-dependent.  For
> example, this is "legal":
>
> varname='x[$(echo 3)]'
> : ${(AP)varname::=foo}
>
> The point being, there's no straightforward internal test that zsh
> could apply to ${(P)varname} that would correctly reject "unsanitary"
> references.  I suppose we could do something similar to Perl's taint
> checks and prevent (P) from being used on environment variables that
> have not been (re)assigned since the current shell started up.
>