[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] Terminal Control Chars
From: Christian Brabandt <cb () 256bit ! org>
Date: 2018-04-10 11:02:27
Message-ID: 20180410110227.GE19724 () 256bit ! org
[Download RAW message or body]
On Di, 10 Apr 2018, Gordo Lowrey wrote:
> On Mon, Mar 5, 2018 at 11:50 AM, up201407890@alunos.dcc.fc.up.pt wrote:
> >The correct solution would be to disallow the pasting of certain control
> >characters.
FWIW: The vim poc has been "fixed" as of
https://github.com/vim/vim/releases/tag/v8.0.1587
> I'm just gonna go out on a limb here, and say this is an unfounded
> assertion.
>
> Perhaps the correct solution would be to prevent the browser from copying
> invisible characters.
>
> If you're going to break some basic mechanic of human computer interaction,
> at least don't break my damn terminal (not that I use VTE, it doesn't
> support OSC 52, among others), but the principle stands... Instead of
> worrying about sanitizing what is pasted, why not worry about sanitizing
> what is copied instead?
That was also the conclusion on the vim-dev list.
There is a similar Debian bug report against rxvt-unicode where the same
conclusion is drawn:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787628#15
And the corresponding mozilla/firefox bug:
https://bugzilla.mozilla.org/show_bug.cgi?id=637895
Best,
Christian
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic