https://bugs.kde.org/show_bug.cgi?id=435548
Bug ID: 435548
Summary: Konsole clear scrollback and reset (ctrl+shft+k)
disables bracketed-paste
Product: konsole
Version: 20.12.3
Platform: Other
OS: Linux
Status: REPORTED
Severity: major
Priority: NOR
Component: keyboard
Assignee: konsole-de...@kde.org
Reporter: gabrielfer...@gmail.com
Target Milestone: ---
Created attachment 137452
--> https://bugs.kde.org/attachment.cgi?id=137452&action=edit
Left before clearing konsole - right after clearing konsole
SUMMARY
Some shells (bash, zsh), and readline, have a mode where pasted text is not run
even if they contain newlines. This is a good thing if you are copying and
pasting
commands from websites, where might contain hidden text that could be used to
take
control of your system.
This works in Konsole, until you use the ctrl+shft+k shortcut, after you use
it,
you might be tricked into thinking that it's okay to paste anything in your
shell,
as nothing will be executed before you hit enter, that gives false sense of
security to the user.
See:
http://thejh.net/misc/website-terminal-copy-paste
for an example of hidden text that can be embedded in websites.
STEPS TO REPRODUCE
1. Enable bracketed-paste in your shell
2. Clear scrollback and reset konsole (ctrl+shft+k)
3. Paste text with multiple lines
OBSERVED RESULT
Multi-line command gets executed.
EXPECTED RESULT
Multi-line command waits for the user to review
what was pasted before executing anything.
--
You are receiving this mail because:
You are watching all bug changes.
