The following is a contrived example showing how one can
unintentionally end up executing the contents of a string:
$ var=; echo gotcha!
$ eval echo hi $var
Using escape, one can avoid executing the contents of $var:
$ eval echo hi `escape "$var"`
hi ; echo gotcha!
A less contrived example is passing arguments to Mail Avenger bodytest
commands containing possibly unsafe environment variables. For
example, you might write a hypothetical reject_bcc script to reject
mail not explicitly addressed to the recipient:
formail -x to -x cc -x resent-to -x resent-cc \
| fgrep "$1" > /dev/null \
&& exit 0
echo "<$1>.. address does not accept blind carbon copies"
To invoke this script, passing it the recipient address as an
argument, you would need to put the following in your Mail Avenger
bodytest reject_bcc `escape "$RECIPIENT"`