From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 2405 invoked by alias); 4 Jun 2015 07:20:35 -0000 Mailing-List: contact zsh-workers-help@zsh.org; run by ezmlm Precedence: bulk X-No-Archive: yes List-Id: Zsh Workers List List-Post: List-Help: X-Seq: 35380 Received: (qmail 4722 invoked from network); 4 Jun 2015 07:20:33 -0000 X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on f.primenet.com.au X-Spam-Level: X-Spam-Status: No, score=-1.7 required=5.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED, FREEMAIL_FROM,NML_ADSP_CUSTOM_MED,RCVD_IN_DNSWL_LOW,SPF_HELO_PASS autolearn=no autolearn_force=no version=3.4.0 X-Injected-Via-Gmane: http://gmane.org/ To: zsh-workers@zsh.org From: Stephane Chazelas Subject: Re: bracketed paste mode in xterm and urxvt Date: Thu, 4 Jun 2015 08:15:57 +0100 Message-ID: <20150604071557.GB6451@chaz.gmail.com> References: <55677AF5.50709@thequod.de> <27004.1433345491@thecus.kiddle.eu> <20150603204258.GE4767@chaz.gmail.com> <29062.1433375305@thecus.kiddle.eu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Complaints-To: usenet@ger.gmane.org X-Gmane-NNTP-Posting-Host: 05448b1b.skybroadband.com Content-Disposition: inline In-Reply-To: <29062.1433375305@thecus.kiddle.eu> User-Agent: Mutt/1.5.21 (2010-09-15) 2015-06-04 01:48:25 +0200, Oliver Kiddle: > Stephane Chazelas wrote: > > To sum-up, for a safe bracketed paste, you need either: > > > > - terminal emulator to filter out ^[ and ^C > > > > ^C is only the default interrupt character. From some basic testing, it > seems you can use tcgetattr/tcsetattr on the master side of the pty. > So the terminal could perhaps disable isig before writing the string > and restore it afterwards. I doubt that an ssh would pass that through, > however. ssh (the client) disables ISIG already. It passes the ^C along and it's the remote pty line discipline that may send SIGINT to the process upon receiving that ^C, so there's nothing ssh could do there. > > - a different paste mode than xterm's \e[200~\e[201~ which > > doesn't work as may contain \e[201~ (something > > like: insert-formatted("\033[202~%S~%s", > > CLIPBOARD,PRIMARY,CUT_BUFFER0) would do). > > Would have been better if xterm had done it that way in the first place. > As it is, stripping a fake end string should do the job. zsh could use a heuristic approach similar to the one I use in the pty wrapper at http://security.stackexchange.com/questions/39118/how-can-i-protect-myself-from-this-kind-of-clipboard-abuse/52655#52655 That is detect paste by the fact that all characters come at once. Not foolproof when done by the shell as there's the case of the user typing or pasting before the prompt is issued. > > - zsh to disable isig. > > > > Maybe a better approach would be to query the X selection for > > instance with xclip/xsel where available. That can also be > > I've got a widget based on xclip. There isn't always an X connection > back, however. It might be worth remembering for when copying text from > firefox. > > The nice thing about getting bracketed paste working is that it > potentially doesn't require users to learn anything new: they already > know how to paste in their terminal. That's also why I think it is worth > trying to include support in a form that doesn't need ohmyzsh plugins or > lines in .zshrc. And putting security aside, there are other benefits > like the single undo event, newlines not being accepted and the option > of manipulating the string such as with shell quoting. [...] Agreed.