D11859: Copy&paste exploits
Michal Humpula
noreply at phabricator.kde.org
Sun Apr 1 08:05:31 UTC 2018
michalhumpula created this revision.
michalhumpula added a reviewer: Konsole.
Restricted Application added a project: Konsole.
michalhumpula requested review of this revision.
REVISION SUMMARY
It's quite a common practice today to copy&paste pieces of code/commands from the web to an editor/terminal. As shown here [1], it's not always apparent what the copied content would be. Konsole implements the bracketed paste mode, which places special escape sequences at the start and end of the pasted text. The shell/editor can later decide how to interpret them.
The current Konsole implementation limits only the first variant. The second variant evades the escape sequences by terminating the first one. The easiest solution is to remove the problematic sequences from the pasted text, which prevents the snippet from escaping the bracketed mode.
Questions:
1. Is there a better way to protect the shell from harm?
2. I can't figure out a scenario where it would be valid to paste such escape sequences and expect them to be honored, but maybe there is one?
3. Should it be configurable? If the answer to 2. is that there is no such scenario, then it doesn't seem practical to let the user disable the paste cleanup.
[1]: http://thejh.net/misc/website-terminal-copy-paste
REPOSITORY
R319 Konsole
REVISION DETAIL
https://phabricator.kde.org/D11859
AFFECTED FILES
src/TerminalDisplay.cpp
To: michalhumpula, #konsole
Cc: herrold, ngraham, hindenburg
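
The cleanup described in the revision summary, as an added example that is not the Konsole patch or code from this revision: it strips the bracketed paste markers ESC[200~ and ESC[201~ from clipboard text before the terminal wraps it. The function names and the use of std::string instead of Qt types are assumptions made so the example runs on its own.

```cpp
#include <iostream>
#include <string>

// Bracketed paste markers sent by the terminal around pasted text.
const std::string PASTE_START = "\x1b[200~";
const std::string PASTE_END = "\x1b[201~";

// Erase every occurrence of marker; report whether anything was removed.
bool eraseAll(std::string &text, const std::string &marker) {
    bool removed = false;
    std::string::size_type pos = text.find(marker);
    while (pos != std::string::npos) {
        text.erase(pos, marker.size());
        removed = true;
        pos = text.find(marker, pos);
    }
    return removed;
}

// Strip both markers from clipboard text. Removing one occurrence can join
// the bytes around it into a new marker, so repeat until nothing changes.
std::string sanitizePaste(std::string text) {
    bool changed = true;
    while (changed) {
        changed = eraseAll(text, PASTE_START);
        changed = eraseAll(text, PASTE_END) || changed;
    }
    return text;
}

// What the terminal would write to the shell for a paste in bracketed mode.
std::string bracketPaste(const std::string &clipboard) {
    return PASTE_START + sanitizePaste(clipboard) + PASTE_END;
}

int main() {
    // Constructed clipboard text: the embedded end marker would close the
    // bracket early, leaving the second line outside bracketed paste mode.
    const std::string clipboard = "echo visible\x1b[201~\necho outside\n";
    const std::string sent = bracketPaste(clipboard);
    // The only end marker left is the one the terminal appended itself.
    std::cout << (sent.find(PASTE_END) == sent.size() - PASTE_END.size()) << "\n";
    return 0;
}
```

A single removal pass is not enough: text such as ESC[20 followed by ESC[201~ and then 1~ reassembles into a fresh end marker once the inner one is erased, which is why sanitizePaste loops until the text is stable.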