Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 13 Apr 2018 09:43:10 +0200
From: Jakub Wilk <jwilk@...lk.net>
To: oss-security@...ts.openwall.com
Subject: Re: Terminal Control Chars

* Jakub Wilk <jwilk@...lk.net>, 2018-04-12, 19:13:
>>Perhaps the correct solution would be to prevent the browser from 
>>copying invisible characters.
>
>Do you mean control characters, or something else?

One reason I asked because for some people knee-jerk reaction upon 
learning about this issue is to insist that the browser should only copy 
what the user sees. Cleverly, they never elaborate what that means 
exactly.

Is a "font-size: 3pt" text visible? Should the browser consult the 
user's eye exam results before deciding what to copy?

Does it mean Ctrl+A Ctrl+C would copy only text within the viewport? I 
guess so, but that's not what browser users expect.

And in the PDF world: the user is often shown a scan, and there's a 
hidden copyable text layer. Should the PDF browser somehow refuse to 
copy text with recognition errors?

>>If you're going to break some basic mechanic of human computer 
>>interaction,
>Huh? Most users don't interact with their terminal-based software by 
>pasting control characters.

As it was noted elsewhere in this thread, tabs and newlines are control 
characters, too. People paste them all the time. But I don't think 
anyone is seriously proposing to filter out these two.

-- 
Jakub Wilk

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ