#Variable or code inside string literals

Double-quoted string literals are mostly harmless in many languages. But in some languages they could also contain code.

In Bash, you can use `...` (it doesn't end the program):

"`echo Hello world! >/proc/$$/fd/1`" 

In Tcl, you can use [...]:

"[puts {hello world!};exit]" 

In PHP, you can use ${...} (this generates an error in Bash so it must appear after the Bash code):

"${die(print(Hello.chr(32).world.chr(33)))}"; 

In Ruby, you can use #{...}:

"#{puts 'Hello world!';exit}" 

There might be also others.

These grammars aren't compatible. That means you can put all the code of these languages in one string in a harmless location. And it will just ignore the unrecognized code in other languages and interpret them as string content.

In many cases, you could also easily comment out a double quote character there and make a more traditional polyglot.

Variable or code inside string literals

Double-quoted string literals are mostly harmless in many languages. But in some languages they could also contain code.

In Bash, you can use `...` (it doesn't end the program):

"`echo Hello world! >/proc/$$/fd/1`" 

In Tcl, you can use [...]:

"[puts {hello world!};exit]" 

In PHP, you can use ${...} (this generates an error in Bash so it must appear after the Bash code):

"${die(print(Hello.chr(32).world.chr(33)))}"; 

In Ruby, you can use #{...}:

"#{puts 'Hello world!';exit}" 

There might be also others.

These grammars aren't compatible. That means you can put all the code of these languages in one string in a harmless location. And it will just ignore the unrecognized code in other languages and interpret them as string content.

In many cases, you could also easily comment out a double quote character there and make a more traditional polyglot.

#Variable or code inside string literals

Double-quoted string literals are mostly harmless in many languages. But in some languages they could also contain code.

In Bash, you can use `...` (it doesn't end the program and prints to stderr):

"`echo Hello world! >&2`" 

In Tcl, you can use [...]:

"[puts {hello world!};exit]" 

In PHP, you can use ${...} (this generates an error in Bash so it must appear after the Bash code):

"${die(print(Hello.chr(32).world.chr(33)))}"; 

In Ruby, you can use #{...}:

"#{puts 'Hello world!';exit}" 

There might be also others.

These grammars aren't compatible. That means you can put all the code of these languages in one string in a harmless location. And it will just ignore the unrecognized code in other languages and interpret them as string content.

In many cases, you could also easily comment out a double quote character there and make a more traditional polyglot.

#Variable or code inside string literals

Double-quoted string literals are mostly harmless in many languages. But in some languages they could also contain code.

In Bash, you can use `...` (it doesn't end the program):

"`echo Hello world! >/proc/$$/fd/1`" 

In Tcl, you can use [...]:

"[puts {hello world!};exit]" 

In PHP, you can use ${...} (this generates an error in Bash so it must appear after the Bash code):

"${die(print(Hello.chr(32).world.chr(33)))}"; 

In Ruby, you can use #{...}:

"#{puts 'Hello world!';exit}" 

There might be also others.

These grammars aren't compatible. That means you can put all the code of these languages in one string in a harmless location. And it will just ignore the unrecognized code in other languages and interpret them as string content.

In many cases, you could also easily comment out a double quote character there and make a more traditional polyglot.

#Variable or code inside string literals

Double-quoted string literals are mostly harmless in many languages. But in some languages they could also contain code.

In Bash, you can use `...` (it doesn't end the program and prints to stderr):

"`echo Hello world! >&2`" 

In Tcl, you can use [...]:

"[puts {hello world!};exit]" 

In PHP, you can use ${...} (this generates an error in Bash so it must appear after the Bash code):

"${die(print(Hello.chr(32).world.chr(33)))}"; 

In Ruby, you can use #{...}:

"#{puts 'Hello world!';exit}" 

There might be also others.

These grammars aren't compatible. That means you can put all the code of these languages in one string in a harmless location. And it will just ignore the unrecognized code in other languages and interpret them as string content.

#Variable or code inside string literals

Double-quoted string literals are mostly harmless in many languages. But in some languages they could also contain code.

In Bash, you can use `...` (it doesn't end the program and prints to stderr):

"`echo Hello world! >&2`" 

In Tcl, you can use [...]:

"[puts {hello world!};exit]" 

In PHP, you can use ${...} (this generates an error in Bash so it must appear after the Bash code):

"${die(print(Hello.chr(32).world.chr(33)))}"; 

In Ruby, you can use #{...}:

"#{puts 'Hello world!';exit}" 

There might be also others.

These grammars aren't compatible. That means you can put all the code of these languages in one string in a harmless location. And it will just ignore the unrecognized code in other languages and interpret them as string content.

In many cases, you could also easily comment out a double quote character there and make a more traditional polyglot.