@@ -756,8 +756,8 @@ Exceptions defined in this module all inherit from :exc:`SubprocessError`.
756756Security Considerations
757757-----------------------
758758
759- Unlike some other popen functions, thisimplementation willnever
760- implicitly call a system shell. This means that all characters,
759+ Unlike some other popen functions, thislibrary willnot
760+ implicitlychoose to call a system shell. This means that all characters,
761761including shell metacharacters, can safely be passed to child processes.
762762If the shell is invoked explicitly, via ``shell=True ``, it is the application's
763763responsibility to ensure that all whitespace and metacharacters are
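Review bot: the reworded opening sentence weakens "never" to "will not implicitly choose to call a system shell", but the unchanged sentence after it still says without qualification that all characters, including shell metacharacters, "can safely be passed to child processes". The Windows batch-file paragraph added later in this patch describes a case where that does not hold, so this sentence should carry the exception or point to that paragraph. Otherwise a reader who stops here keeps the stronger guarantee. The phrase "implicitly choose to call" is also awkward. Consider saying directly that the library does not invoke a shell unless asked to, while the operating system may do so on its own.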
@@ -766,6 +766,14 @@ quoted appropriately to avoid
766766vulnerabilities. On:ref: `some platforms <shlex-quote-warning >`, it is possible
767767to use:func: `shlex.quote ` for this escaping.
768768
769+ On Windows, batch files (:file: `*.bat ` or:file: `*.cmd `) may be launched by the
770+ operating system in a system shell regardless of the arguments passed to this
771+ library. This could result in arguments being parsed according to shell rules,
772+ but without any escaping added by Python. If you are intentionally launching a
773+ batch file with arguments from untrusted sources, consider passing
774+ ``shell=True `` to allow Python to escape special characters. See:gh: `114539 `
775+ for additional discussion.
776+
769777
770778Popen Objects
771779-------------
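Review bot: the added paragraph recommends ``shell=True`` "to allow Python to escape special characters", which reads as conflicting with the paragraph directly above it, where ``shell=True`` makes quoting whitespace and metacharacters "the application's responsibility". Please state which escaping Python performs for a batch file launched with ``shell=True`` and what the caller must still do, or reword one of the two passages so they agree. It would also help to say whether the :func:`shlex.quote` advice above applies on Windows, since that sentence limits it to "some platforms". Minor: the added empty line at 776 sits on top of the existing blank line, leaving two blank lines before "Popen Objects".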