Re: bracketed paste mode in xterm and urxvt

[Stephane Chazelas <stephane.chazelas@xxxxxxxxx>]

2015-06-03 14:06:05 +0200, Mikael Magnusson:
[...]
> It's probably worth noting that 'safe-paste' is a bad name for this,
> since the pasted text can include the end-paste escape code, causing
> the rest of the paste to appear to the shell as typed by the user.
> 
> This page has an example attack against the plugin,
> https://thejh.net/misc/website-terminal-copy-paste
> 
> Hm, seems newer xterm prohibits pasting raw escape codes, so if you
> have one of those versions, you are safe.
[...]

Yes, see:

https://security.stackexchange.com/questions/39118/how-can-i-protect-myself-from-this-kind-of-clipboard-abuse/52655#52655

for details.

Note that with xterm, it's also possible to configure it
to do another safe type of bracketed paste like:

xterm -xrm 'XTerm.VT100.translations: #override Shift <KeyPress> space: insert-formatted("\033[202~%S~%s", CLIPBOARD)'

For the CLIPBOARD selection to be inserted as ^[[202~3~abc (here
upon Shift+Space).

That is with the content of the selection prefixed with its
length (in bytes)

-- 
Stephane