Vincent Lefevre wrote in
<20250512091003.GA497638_AT_qaa.vinc17.org>:
|On 2025-05-10 15:49:20 +0100, Andrew Mass wrote:
|> One seemingly simple way to prevent this would be to sanitize /
|> disallow pasting buffers that contain this exact sequence. If
|> bracketed paste mode is active, it seems incorrect to me to allow
|> writing an "early" end sequence.
|>
|> I believe some other terminals take it a step further by sanitizing
|> all sorts of other potentially "dangerous" characters (e.g.:
|>
https://gitlab.gnome.org/GNOME/vte/-/blob/master/src/pastify.cc)
|
|It seems that xterm changes ESC to a space and NUL to \0 (2 characters).
|The other control characters seem unfiltered, which is fine with zsh.
|Note that this is independent on whether bracketed paste mode is active
|(for instance, this also occurs in cooked mode).
I think any "matured" console program then "does something" to
avoid to output controls as-is. If you are in Unicode mode, you
can simply "wc |= 0x2400" to move to the according Unicode visuals
(and 0x2421 for DEL), else you print ?. (With Unicode there are
then also direction marks etc to strip / take care of, whatever.)
So in my opinion, anything is fine except the very end sequence PE
(and NUL).
...
|If you want to pass all characters, I'm wondering whether splitting
|the pasted text into 2 chunks could be a solution, so that the end
|sequence does not appear inside a chunk. But as I've said, ESC could
Likely not, as you cannot read more than maximally strlen(PE) in
order to avoid blocking for more input: so either you read
bytewise or strlen(PE)-YETREAD. A bytewise reader at least.. you
know.
|be misinterpreted. IMHO, the bracketed paste protocol should have
|provided a way to pass a pasted ESC character via an escape sequence
|(and possibly other control characters, in case they would be filtered
|by the terminal).
Yes. (On the other hand the Unicode BOM is only two bytes, and
was supposed to be sufficient said Mark Davies around 2013, though i cannot
find his email no more, and, except for its position, \E[201~ is
far more random. It can likely only be malicious in some piece of
text to be copy+pasted possibly thought Thomas Dickey and the
other involved?)
--End of <20250512091003.GA497638_AT_qaa.vinc17.org>
--steffen
|
|Der Kragenbaer, The moon bear,
|der holt sich munter he cheerfully and one by one
|einen nach dem anderen runter wa.ks himself off
|(By Robert Gernhardt)
Received on Tue May 13 2025 - 01:08:48 CEST