You might be right that the remaining ones that slip through your regex are mere "nuisance"s. But you know how those things go - one man's nuisance is another man's vuln. Some of those, anyhow, are implemented by the Linux console driver.
Why not just take the tried and true "safe" route, as implemented by vis(3)'s VIS_SAFE or similar? Otherwise it sounds like you're playing with a bit of fire. Put differently, is there some legitimate use case of the ANSI escape characters that make you want to preserve some of their usage while disallowing other parts? If so, that would really surprise me. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1890286 Title: ansi escape sequence injection in add-apt-repository To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/1890286/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
