From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 26510 invoked by alias); 3 Jun 2015 14:01:59 -0000 Mailing-List: contact zsh-users-help@zsh.org; run by ezmlm Precedence: bulk X-No-Archive: yes List-Id: Zsh Users List List-Post: List-Help: X-Seq: 20250 Received: (qmail 11410 invoked from network); 3 Jun 2015 14:01:56 -0000 X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on f.primenet.com.au X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_LOW, SPF_HELO_PASS autolearn=ham autolearn_force=no version=3.4.0 X-Injected-Via-Gmane: http://gmane.org/ To: zsh-users@zsh.org From: Yuri D'Elia Subject: Re: bracketed paste mode in xterm and urxvt Date: Wed, 03 Jun 2015 16:01:11 +0200 Message-ID: References: <55677AF5.50709@thequod.de> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Complaints-To: usenet@ger.gmane.org X-Gmane-NNTP-Posting-Host: adsl-ull-33-103.49-151.net24.it User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Icedove/31.7.0 In-Reply-To: On 06/03/2015 02:06 PM, Mikael Magnusson wrote: > It's probably worth noting that 'safe-paste' is a bad name for this, > since the pasted text can include the end-paste escape code, causing > the rest of the paste to appear to the shell as typed by the user. > > This page has an example attack against the plugin, > https://thejh.net/misc/website-terminal-copy-paste > > Hm, seems newer xterm prohibits pasting raw escape codes, so if you > have one of those versions, you are safe. Not urxvt though. I just submitted a patch: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787628