[konsole] [Bug 379294] Implement OSC 8 hyperlink support
Grósz Dániel
bugzilla_noreply at kde.org
Fri Jul 24 17:17:08 BST 2020
https://bugs.kde.org/show_bug.cgi?id=379294
Grósz Dániel <groszdanielpub at gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |groszdanielpub at gmail.com
--- Comment #11 from Grósz Dániel <groszdanielpub at gmail.com> ---
(In reply to Egmont Koblinger from comment #6)
> If an email client emits the email's contents raw as-is (including control
> characters, escape sequences) to the terminal, than that is a serious
> problem that should be reported and fixed as soon as possible. And yes, in
> that case it's _that_ email client (or other console-based app) to blame!
An obvious example of a tool that sends arbitrary data to the terminal without
filtering escape sequences is cat. cat'ting an untrusted file shouldn't be a
security vulnerability. Others include head and tee. Many programs such as find
or ls filter escape sequences by default when sending output directly to a
terminal, but not if they are piped into head or tee. There are so many ways
untrusted data can end up printed to a terminal that I don't think it's
practical to prevent them all.
If outputting arbitrary data to the terminal causes security problems, IMO it's
the terminals that should be fixed. Not the least because (safe) escape
sequences can be useful for formatting even in untrusted text files. As far as
I understand, most modern terminal emulators don't have really dangerous
escape sequences; the sequences the terminal may respond with as keystrokes
generally don't correspond to actual keyboard input.
That said, even if untrusted text can display unfiltered hyperlinks, it's not
more dangerous than a website as long as dangerous URLs are not automatically
opened.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the konsole-devel
mailing list