Date: Fri, 13 Apr 2018 09:43:10 +0200 From: Jakub Wilk <jwilk@...lk.net> To: oss-security@...ts.openwall.com Subject: Re: Terminal Control Chars * Jakub Wilk <jwilk@...lk.net>, 2018-04-12, 19:13: >>Perhaps the correct solution would be to prevent the browser from >>copying invisible characters. > >Do you mean control characters, or something else? One reason I asked because for some people knee-jerk reaction upon learning about this issue is to insist that the browser should only copy what the user sees. Cleverly, they never elaborate what that means exactly. Is a "font-size: 3pt" text visible? Should the browser consult the user's eye exam results before deciding what to copy? Does it mean Ctrl+A Ctrl+C would copy only text within the viewport? I guess so, but that's not what browser users expect. And in the PDF world: the user is often shown a scan, and there's a hidden copyable text layer. Should the PDF browser somehow refuse to copy text with recognition errors? >>If you're going to break some basic mechanic of human computer >>interaction, >Huh? Most users don't interact with their terminal-based software by >pasting control characters. As it was noted elsewhere in this thread, tabs and newlines are control characters, too. People paste them all the time. But I don't think anyone is seriously proposing to filter out these two. -- Jakub Wilk
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ