On Saturday, 17 January 2015 at 18:24:52 UTC, Fatih Kadir Akin
wrote:
First, creating temporary files with predictable names is a
bad idea, because it opens the door for symlink attacks.
Unfortunately, I don't know of an alternative way to do this
safely using only the standard library; it seems, this crucial
functionality is missing. I've asked here:
TypeScript compiler doesn't accept stdin pipes, I tried using
Unix fifo but since I'm not an Unix expert, couldn't figure it
out. The last thing was using a temporary file -- which also
sounds not good to me :)
I was going to make a PR to use pipes, but also found that `tsc`
sadly doesn't support stdin/stdout. But they have an as-of-yet
unimplemented enhancement request; they probably wouldn't refuse
a PR:
https://github.com/Microsoft/TypeScript/issues/1226
As for FIFOs, they unfortunately don't work on Windows... (and
NTFS _does_ support symlinks!)
The second thing is that you're using `pipeShell()`, which
takes only the entire command as a parameter. Because this
command will be interpreted by the shell, you have to make
sure that all you're arguments are correctly escaped. However,
in your case you don't actually need a shell; `pipeProcess()`
is a better solution, because it takes the argument list as an
array:
auto pipes = pipeProcess(
["tsc", inputFileName, "--out", outputFileName],
Redirect.stderrToStdout | Redirect.stdout
);
It really makes sense, I'm going to update -- you also can open
a PR.
https://github.com/f/diet-typescript/pull/1
