Vincent Lefevre wrote in <20250512091003.ga497...@qaa.vinc17.org>: |On 2025-05-10 15:49:20 +0100, Andrew Mass wrote: |> One seemingly simple way to prevent this would be to sanitize / |> disallow pasting buffers that contain this exact sequence. If |> bracketed paste mode is active, it seems incorrect to me to allow |> writing an "early" end sequence. |> |> I believe some other terminals take it a step further by sanitizing |> all sorts of other potentially "dangerous" characters (e.g.: |> https://gitlab.gnome.org/GNOME/vte/-/blob/master/src/pastify.cc) | |It seems that xterm changes ESC to a space and NUL to \0 (2 characters). |The other control characters seem unfiltered, which is fine with zsh. |Note that this is independent on whether bracketed paste mode is active |(for instance, this also occurs in cooked mode).
I think any "matured" console program then "does something" to avoid to output controls as-is. If you are in Unicode mode, you can simply "wc |= 0x2400" to move to the according Unicode visuals (and 0x2421 for DEL), else you print ?. (With Unicode there are then also direction marks etc to strip / take care of, whatever.) So in my opinion, anything is fine except the very end sequence PE (and NUL). ... |If you want to pass all characters, I'm wondering whether splitting |the pasted text into 2 chunks could be a solution, so that the end |sequence does not appear inside a chunk. But as I've said, ESC could Likely not, as you cannot read more than maximally strlen(PE) in order to avoid blocking for more input: so either you read bytewise or strlen(PE)-YETREAD. A bytewise reader at least.. you know. |be misinterpreted. IMHO, the bracketed paste protocol should have |provided a way to pass a pasted ESC character via an escape sequence |(and possibly other control characters, in case they would be filtered |by the terminal). Yes. (On the other hand the Unicode BOM is only two bytes, and was supposed to be sufficient said Mark Davies around 2013, though i cannot find his email no more, and, except for its position, \E[201~ is far more random. It can likely only be malicious in some piece of text to be copy+pasted possibly thought Thomas Dickey and the other involved?) --End of <20250512091003.ga497...@qaa.vinc17.org> --steffen | |Der Kragenbaer, The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem anderen runter wa.ks himself off |(By Robert Gernhardt)
