Andrew Mass wrote in <caejgb2at6nozjggr6bdm1zuaclfu2kkoxxe7fwcw0rhwzww...@mail.gmail.com>: |I believe bracketed paste mode was originally intended for use cases |like text editors, but it seems like many shells are using it as well |to differentiate typed from pasted text. One advantage of this is |preventing commands from running automatically when pasted into the |terminal. This seems beneficial from a security standpoint. For |example, see: https://thejh.net/misc/website-terminal-copy-paste | |st fails with the second example because the bracketed paste end |sequence (\033[201~) is contained within the clipboard buffer (you can |see this in the HTML source), which incorrectly signals to the shell |an early end to bracketed paste mode, allowing the rest of the command |to run as if typed. | |One seemingly simple way to prevent this would be to sanitize / |disallow pasting buffers that contain this exact sequence. If |bracketed paste mode is active, it seems incorrect to me to allow |writing an "early" end sequence. | |I believe some other terminals take it a step further by sanitizing |all sorts of other potentially "dangerous" characters (e.g.: |https://gitlab.gnome.org/GNOME/vte/-/blob/master/src/pastify.cc) | |Curious to hear what others' thoughts are on this, and whether a patch |along these lines would be seen as valuable. If so, I could try to |send one over.
Thomas Dickey as "the one" wrote about all that: https://invisible-island.net/xterm/xterm-paste64.html --steffen | |Der Kragenbaer, The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem anderen runter wa.ks himself off |(By Robert Gernhardt)
