Re: [dev] [st] Hardening bracketed paste mode

From: <fomha4_AT_0w.se>
Date: Sun, 11 May 2025 09:01:04 +0200

Hello Andrew,

You wrote:
> Curious to hear what others' thoughts are on this

Not a comment about a suggested improvement, but about the feature itself.

On Sat, May 10, 2025 at 03:49:20PM +0100, Andrew Mass wrote:
> One advantage of this is
> preventing commands from running automatically when pasted into the
> terminal. This seems beneficial from a security standpoint

Pasting into a shell is always a sensitive operation and needs caution.
Even though extra safety nets are useful, this one comes with a high
cost even besides the needed additional key presses.

FWIIW I consider using this feature in a typical *nix application,
at least when used as a default, a bad design, because it is stateful
and assumes that the application has full control over and is the only
one going to interact with the terminal.

These assumptions do not generally hold. In certain quite reasonable
workflows and scenarios (e.g. when you lose a remote connection) the
"bracketed paste" becomes a quite annoying nuisance. At least some
of my colleagues feel so as well.

That's why I switch off the "bracketed paste" at least in readline, which
helps with bash and probably with some other shells too, on the computers
I manage. There was not a single request from any user to enable it,
the number of users is in the range of 3-4-digits.

my 2c,
fomha4
Received on Sun May 11 2025 - 09:01:04 CEST