Date: Fri, 13 Apr 2018 09:43:10 +0200
From: Jakub Wilk <jwilk@...lk.net>
To: oss-security@...ts.openwall.com
Subject: Re: Terminal Control Chars

* Jakub Wilk <jwilk@...lk.net>, 2018-04-12, 19:13:
>>Perhaps the correct solution would be to prevent the browser from
>>copying invisible characters.
>
>Do you mean control characters, or something else?

One reason I asked is that for some people the knee-jerk reaction upon
learning about this issue is to insist that the browser should only copy
what the user sees. Cleverly, they never elaborate on what that means
exactly.

Is a "font-size: 3pt" text visible? Should the browser consult the
user's eye exam results before deciding what to copy?

Does it mean Ctrl+A Ctrl+C would copy only text within the viewport? I
guess so, but that's not what browser users expect.

And in the PDF world: the user is often shown a scan, and there's a
hidden copyable text layer. Should the PDF browser somehow refuse to
copy text with recognition errors?

>>If you're going to break some basic mechanic of human computer
>>interaction,
>Huh? Most users don't interact with their terminal-based software by
>pasting control characters.

As it was noted elsewhere in this thread, tabs and newlines are control
characters, too. People paste them all the time. But I don't think
anyone is seriously proposing to filter out these two.

-- 
Jakub Wilk
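
Added example, not part of the original message or of any browser or terminal: a paste filter that drops control characters except tab and newline, and separately reports "invisible" format characters, which are not control characters at all. The function names, the drop_format switch and the sample string are assumptions made for illustration.

```python
import unicodedata

# The two control characters the thread agrees nobody wants filtered.
# Carriage return is not in this set, so it is treated as a control character.
ALLOWED_CONTROLS = {"\t", "\n"}


def classify(ch):
    """Return 'control', 'format' or 'plain' for a single character."""
    if ch in ALLOWED_CONTROLS:
        return "plain"
    cat = unicodedata.category(ch)
    if cat == "Cc":  # C0 (U+0000-U+001F), DEL, and C1 (U+0080-U+009F)
        return "control"
    if cat == "Cf":  # invisible, but not control: ZWSP, bidi marks, ...
        return "format"
    return "plain"


def filter_paste(text, drop_format=False):
    """Strip control characters other than tab and newline.

    Returns (clean_text, findings); findings lists (offset, 'U+XXXX', kind)
    for every flagged character. Format characters are always reported,
    but only removed when drop_format is true.
    """
    out, findings = [], []
    for offset, ch in enumerate(text):
        kind = classify(ch)
        if kind != "plain":
            findings.append((offset, "U+%04X" % ord(ch), kind))
        if kind == "control" or (kind == "format" and drop_format):
            continue
        out.append(ch)
    return "".join(out), findings


# Constructed sample: ESC starting an SGR reset, a tab, a backspace,
# a zero-width space, and two newlines.
SAMPLE = "echo one\x1b[0m\ttwo\x08\u200b\nls\n"

if __name__ == "__main__":
    clean, findings = filter_paste(SAMPLE)
    # Removing ESC leaves the printable remainder "[0m" of the sequence behind.
    print(repr(clean))
    for finding in findings:
        print(finding)
```
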