Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 10 Apr 2018 13:02:27 +0200
From: Christian Brabandt <>
Subject: Re: Terminal Control Chars

On Di, 10 Apr 2018, Gordo Lowrey wrote:

> On Mon, Mar 5, 2018 at 11:50 AM, wrote:
> >The correct solution would be to disallow the pasting of certain control
> >characters.

FWIW: The vim poc has been "fixed" as of

> I'm just gonna go out on a limb here, and say this is an unfounded
> assertion.
> Perhaps the correct solution would be to prevent the browser from copying
> invisible characters.
> If you're going to break some basic mechanic of human computer interaction,
> at least don't break my damn terminal (not that I use VTE, it doesn't
> support OSC 52, among others), but the principle stands... Instead of
> worrying about sanitizing what is pasted, why not worry about sanitizing
> what is copied instead?

That was also the conclusion on the vim-dev list.

There is a similar Debian bug report against rxvt-unicode where the same 
conclusion is drawn:

And the corresponding mozilla/firefox bug:


Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ