On Sat, Feb 06, 2021 at 10:57:04AM +0000, Aleksandar Gerasimovski wrote:

> AG: to be sure we understand each other, you expect quotes to be sent to spi as well? That's expected by design behavior?
> Is there any possibility to avoid sending them then?

If you don't want quotes to be sent then don't send them - my
expectation would be that if you're driving this from the shell then the
shell would not be passing unescaped quotes through to the program.  For
example:

	$ echo "Hello, world!"
	Hello, world!

Here echo only saw the unqouted string so that's what it displays.  If
you're not using a shell and starting this from another program then I'd
assume there's some way to generate unquoted arguments in whatever
you're using.

> 
> This appears to be requiring that anything passed into unescape() be a number which isn't something we'd obviously want?  I'd expect the function to unescape things, not to do other random validation which may or may not be appropriate in context.
> AG: so by design is expected that everything is accepted here, e.g \"1234qwert\\xde\\xad\"? If yes than I understood this tool wrongly.

Yes, that's my expecation - it's just processing escape sequences and
passing everything else through.