Jeff King <peff@xxxxxxxx> writes: > - replace eval formatting magic with "%s" printf formatters (safer and > gets rid of quoting issues in the callers). This one actually made me think twice about safety, as we'd be using end-user supplied formatting string without any inspection. I think it is fine as it is merely a test helper. If somebody is later making it into a test-tool function, I expect that our interpolation engine, not the bare sprintf(), would be used there, and it would hopefully also be safe? Thanks.
