[konsole] [Bug 379294] Implement OSC 8 hyperlink support

Egmont Koblinger bugzilla_noreply at kde.org
Tue Jun 26 19:11:29 UTC 2018


https://bugs.kde.org/show_bug.cgi?id=379294

--- Comment #8 from Egmont Koblinger <egmont at gmail.com> ---
(In reply to Martin Sandsmark from comment #7)

> and I'm fairly certain konsole never implemented the escape sequences for
> injecting keystrokes in the first place either

Not arbitrary keystrokes, but certain ones. Try e.g.

    echo -ne '\e[>c'

> about the clickable filenames it's a bit off topic for this bug, but you
> need to turn it on in the settings. and how konsole tracks the current
> directory depends on OS and shell (if it supports OSC7), but that feature is
> much older, but earlier it was just used to display the current directory in
> the window/tab title.

Thanks, now I've found it. As expected, it only works for a simple "ls". As
soon as I do an "ls some-other-directory", it no longer works, or even worse,
can mistake a file for its counterpart of the same name from another directory.
I don't even dare to try whitespaces and other weird characters in the
filename.

> > And you can't just blindly assume that 3-4 other components all have security issues
> 
> I think that's where you and I disagree. you could make the same argument
> against sandboxing and many other defense in depth strategies.

Sandboxing is not just for security, sure it's part of their stories, but other
parts are about avoiding the hassle with conflicting libraries etc. And as for
security, there it's an entire OS with plenty of features and plenty of
potentially broken places, that is, gazillions of possible entry points for
security bugs. A pretty wide system diagram, if you wish, whereas for the OSC 8
feature it's a simple stack with a very small number of components.

And I'd like to emphasize again that the feature was modeled after web
browsers, so if there's any security hole in its implementation, it's probably
already there even without the terminal emulator. We didn't invent anything
brand new, just applied something already seen on the web into terminal
emulators.

> but misunderstand me correctly; I'm not violently opposed to this, I just
> don't believe the security/usefulness tradeoff is good here.

Usefulness is of course another question. I myself often use it for local
filenames, as printed by "ls". And as opposed to konsole where it works
_sometimes_, for me it works _always_.

I am still not convinced at all about security issues, especially if konsole
decides to limit support to a few well-known schemes.

And don't get me wrong, I'm not completely against security either, see e.g.
another feature request for gnome-terminal at
https://bugzilla.gnome.org/show_bug.cgi?id=795774 which, although it could be a
convenient one, I don't support due to its security implications. I just don't
see the security problems in the hyperlink story.

Anyway, I guess we need to agree that we disagree.

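An added example, not part of the original message and not Konsole's code: one way a terminal could "limit support to a few well-known schemes" when it receives an OSC 8 sequence (`ESC ] 8 ; params ; URI` terminated by BEL or `ESC \`). The function name `acceptOsc8`, the set `kAllowedSchemes` and its contents are assumptions chosen for illustration, and the sample sequences are constructed.

```cpp
#include <algorithm>
#include <cctype>
#include <iostream>
#include <optional>
#include <set>
#include <string>

// Hypothetical allowlist; a real terminal would choose its own set.
static const std::set<std::string> kAllowedSchemes = {"http", "https", "file", "mailto"};

// Returns the URI of one complete OSC 8 sequence if it is well formed and its
// scheme is allowlisted. An empty URI (the "end of hyperlink" form) is returned
// as an empty string. Anything else yields std::nullopt and should not be linked.
std::optional<std::string> acceptOsc8(const std::string &seq)
{
    const std::string prefix = "\x1b]8;";
    if (seq.compare(0, prefix.size(), prefix) != 0)
        return std::nullopt;
    std::size_t end;  // index of the first terminator byte
    if (seq.back() == '\a')
        end = seq.size() - 1;
    else if (seq.compare(seq.size() - 2, 2, "\x1b\\") == 0)
        end = seq.size() - 2;
    else
        return std::nullopt;
    // The first ';' after the prefix closes the params field (e.g. "id=1").
    const std::size_t sep = seq.find(';', prefix.size());
    if (sep == std::string::npos || sep >= end)
        return std::nullopt;
    std::string uri = seq.substr(sep + 1, end - sep - 1);
    if (uri.empty())
        return uri;
    // Only printable ASCII may appear in the URI; this also rejects embedded escapes.
    for (unsigned char c : uri)
        if (c < 0x20 || c > 0x7e)
            return std::nullopt;
    const std::size_t colon = uri.find(':');
    if (colon == std::string::npos || colon == 0)
        return std::nullopt;
    std::string scheme = uri.substr(0, colon);
    std::transform(scheme.begin(), scheme.end(), scheme.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    if (kAllowedSchemes.count(scheme) == 0)
        return std::nullopt;
    return uri;
}

int main()
{
    // Constructed samples: an allowlisted link and a custom-handler scheme.
    std::cout << acceptOsc8("\x1b]8;;https://example.com/\x1b\\").has_value() << '\n';
    std::cout << acceptOsc8("\x1b]8;;myapp://do-something\a").has_value() << '\n';
}
```

Rejected sequences should leave the following text as plain, non-clickable output rather than being dropped from the display.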