Re: [hackers] [st][PATCH] in bracketed paste mode, filter escapes from pasted data

From: Devin J. Pohly <djpohly_AT_gmail.com>
Date: Thu, 2 Nov 2017 17:08:11 -0500

On Thu, Nov 02, 2017 at 10:42:05PM +0100, Jann Horn wrote:
> Browsers permit copied data to contain escape characters. To prevent
> malicious websites (or other sources of malicious text) from faking a
> bracketed paste end sequence, filter escape characters from pasted text in
> bracketed paste mode.

Good point!

> diff --git a/LICENSE b/LICENSE
> index fa0c63e..ce7ee42 100644
> --- a/LICENSE
> +++ b/LICENSE
> _AT_@ -11,6 +11,7 @@ MIT/X Consortium License
> 2013 Michael Forney <mforney at mforney dot org>
> 2013-2014 Markus Teich <markus dot teich at stusta dot mhn dot de>
> 2014-2015 Laslo Hunhold <dev at frign dot de>
> + 2017 Google LLC

Adding Google as a copyright holder??

> + while (readpos < last) {
> + if (*readpos != '\033')
> + *repl++ = *readpos;
> + readpos++;
> + }

Wouldn't we need to catch U+009B too?

*dp


-- 
<><
Received on Thu Nov 02 2017 - 23:08:11 CET

This archive was generated by hypermail 2.3.0 : Thu Nov 02 2017 - 23:12:20 CET