Hello,

I believe bracketed paste mode was originally intended for use cases
like text editors, but it seems like many shells are using it as well
to differentiate typed from pasted text. One advantage of this is
preventing commands from running automatically when pasted into the
terminal. This seems beneficial from a security standpoint. For
example, see: https://thejh.net/misc/website-terminal-copy-paste

st fails with the second example because the bracketed paste end
sequence (\033[201~) is contained within the clipboard buffer (you can
see this in the HTML source), which incorrectly signals to the shell
an early end to bracketed paste mode, allowing the rest of the command
to run as if typed.

One seemingly simple way to prevent this would be to sanitize /
disallow pasting buffers that contain this exact sequence. If
bracketed paste mode is active, it seems incorrect to me to allow
writing an "early" end sequence.

I believe some other terminals take it a step further by sanitizing
all sorts of other potentially "dangerous" characters (e.g.:
https://gitlab.gnome.org/GNOME/vte/-/blob/master/src/pastify.cc)

Curious to hear what others' thoughts are on this, and whether a patch
along these lines would be seen as valuable. If so, I could try to
send one over.

Thanks!
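An added example, not code from st, VTE or the post's author, of the two handling policies the message mentions: a check that lets a terminal refuse a clipboard buffer carrying the bracketed paste end marker, and a sanitizer that drops the control bytes that could carry it. The sanitizer's keep-list (TAB, LF, CR) is an assumption for this illustration, not a description of what VTE's pastify.cc actually does.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Bracketed paste end marker: ESC [ 2 0 1 ~ */
static const char PASTE_END[] = "\033[201~";

/* Disallow policy: report whether the clipboard buffer carries an end marker. */
bool paste_has_end_marker(const char *buf, size_t len)
{
    size_t mlen = sizeof(PASTE_END) - 1;
    for (size_t i = 0; i + mlen <= len; i++)
        if (memcmp(buf + i, PASTE_END, mlen) == 0)
            return true;
    return false;
}

/*
 * Sanitize policy: copy buf into out, dropping every 7-bit C0 control byte
 * (0x00-0x1f) and DEL except TAB, LF and CR (assumed keep-list). Because
 * ESC (0x1b) is never copied, no escape sequence, the end marker included,
 * can survive, and none can be reassembled from fragments after stripping
 * (unlike deleting only the literal "\033[201~" substring once). out needs
 * room for len bytes; returns the number of bytes written.
 */
size_t sanitize_paste(const char *buf, size_t len, char *out)
{
    size_t o = 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)buf[i];
        if ((c < 0x20 && c != '\t' && c != '\n' && c != '\r') || c == 0x7f)
            continue;
        out[o++] = buf[i];
    }
    return o;
}

int main(void)
{
    /* Constructed sample paste: text that hides an early end marker. */
    const char sample[] = "echo first\033[201~\necho second\n";
    char clean[sizeof sample];
    size_t n = sanitize_paste(sample, sizeof sample - 1, clean);
    printf("end marker present: %d\n", paste_has_end_marker(sample, sizeof sample - 1));
    printf("sanitized: %.*s", (int)n, clean);
    return 0;
}
```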
