On Thu, Apr 19, 2018 at 06:33:51AM +0200, Marc Lehmann wrote:
I will consider this as an optional feature, but what I do not understand is
why this is somehow treated as a propblem that can be fixed in the terminal
emulator (it can't), since this bug is clearly in whichever application ("web
browser") that selects text that the user simply didn't select because he/she
didn't see it?
It is indeed an optional feature and I specifically chose to disable it by
default. You're also right that there is a bug in the application which allows
copying these characters in the first place.
Personally, I do like the idea of doing filtering on the terminal emulator
side; the first reason is that I'm only using one terminal emulator
application, while there are numbers of programs which may interact with the
clipboard; also, some of these programs might be remote-access applications
(rdp, vnc) interfacing with an entirely different os, which itself as well as
its applications oblivious to the mentioned problem; so, I can't possibly be
sure that all those applications (whether local or remote) are behaving well.
Should then rdp/vnc clients be responsible for filtering? If so, how that would
be different from filtering in the terminal emulator? A remote viewer app is
not the logical source of copied text.
Patching terminal emulators to disable useful (I use this many times a day)
and harmless features like this while leaving the real security issue
unpatched seems highly counterproductive.
(I'm not arguing that the real issue must be patched.)
Here, the second reason -- I cannot see a reasonable use case for being able to
paste control characters (it's definitely subjective, but I'm interested to
hear what these valid use cases might be). So, instead of worrying about all
possible applications that are not doing the right thing, I would prefer to
close the attack surface, especially since there is a little benefit in keeping
it (again, subjective). "Close" here is relative, since some interesting stuff
might be achieved by mere TAB triggering shell autocompletion scripts and
filtering TABs is generally undesireable. But nonetheless.
To sum up, I'm trying to say that it would be great to have the option. Some
users might not have any valid use case to paste control characters and some
might not even consider this to be possible.
PS. There is a mess with signed/unsigned chars in the original patch. Please,
consider the second version (in a separate email).
_______________________________________________
rxvt-unicode mailing list
[email protected]
http://lists.schmorp.de/mailman/listinfo/rxvt-unicode
