I’ve been noticing one or two little quirks of the KDE Konsole terminal emulator lately. One is, when I copy and paste multiple lines of commands at once, they don’t get executed one by one, in fact they don’t get executed at all: I still have to press Enter afterwards to execute them. Another is, if I forget to type CTRL-SHIFT-V to do the paste, but do CTRL-V instead (the standard Unix control character which means “enter next character literally”), the pasted text gets prefixed with “«esc»[200~” and followed by a “~” character. If it wasn’t for that CTRL-V, that escape-sequence prefix would be interpreted by the terminal emulator. (Actually it turns out that ending “~” is actually part of the sequence “«esc»[201~”, which was being misinterpreted in that case because it did not follow a proper “«esc»[200~” sequence.) It turns out both of these behaviours are by design. That special escape sequence activates “bracketed-paste” mode <https://cirw.in/blog/bracketed-paste>. This is a safety feature to guard against malicious commands: it means the paste on its own is never enough to execute anything. So the user always gets a chance to see what has been pasted, before explicitly executing it. This behaviour is probably commonplace among other terminal emulators, as well.
tilix [1] has that "please press enter to execute" feature as well when using ctrl+shift+v (pasted chars are also still highlighted). Took me a while figuring out why things didn't happen. ;-) It also has the jice feature of prompting you after pasting a sudo command, whether you REALLY want to execute that command. [1] https://gnunn1.github.io/tilix-web/ Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 (office) +64 (7) 577-5304 (home office) http://www.cs.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/ Jun 25, 2022 15:39:39 Lawrence D'Oliveiro <ldo(a)geek-central.gen.nz>:
I’ve been noticing one or two little quirks of the KDE Konsole terminal emulator lately. One is, when I copy and paste multiple lines of commands at once, they don’t get executed one by one, in fact they don’t get executed at all: I still have to press Enter afterwards to execute them.
Another is, if I forget to type CTRL-SHIFT-V to do the paste, but do CTRL-V instead (the standard Unix control character which means “enter next character literally”), the pasted text gets prefixed with “«esc»[200~” and followed by a “~” character. If it wasn’t for that CTRL-V, that escape-sequence prefix would be interpreted by the terminal emulator. (Actually it turns out that ending “~” is actually part of the sequence “«esc»[201~”, which was being misinterpreted in that case because it did not follow a proper “«esc»[200~” sequence.)
It turns out both of these behaviours are by design. That special escape sequence activates “bracketed-paste” mode <https://cirw.in/blog/bracketed-paste>. This is a safety feature to guard against malicious commands: it means the paste on its own is never enough to execute anything. So the user always gets a chance to see what has been pasted, before explicitly executing it.
This behaviour is probably commonplace among other terminal emulators, as well. _______________________________________________ wlug mailing list -- wlug(a)list.waikato.ac.nz | To unsubscribe send an email to wlug-leave(a)list.waikato.ac.nz Unsubscribe: https://list.waikato.ac.nz/postorius/lists/wlug.list.waikato.ac.nz
Bracketed-paste mode baffled me for a little while when I first experienced it. I think it was implemented in response to the discovery of Nasty Copy (I couldn't find a name for the shenanigan so I made this one up). Via JavaScript: https://www.wizer-training.com/blog/copy-paste Or via div tags: https://docs.microsoft.com/en-us/troubleshoot/developer/browsers/core-featur... Both of these links are surprisingly recent, but I'm sure this was discovered a few years back. [literally my next click] ... It's called PasteJacking, published by NakedSecurity in 2016: https://nakedsecurity.sophos.com/2016/05/26/why-you-cant-trust-things-you-cu... E -------------------------------------------- Q: Why is this email five sentences or less? A: http://five.sentenc.es On Sat, 25 Jun 2022, at 15:52, Peter Reutemann wrote:
tilix [1] has that "please press enter to execute" feature as well when using ctrl+shift+v (pasted chars are also still highlighted). Took me a while figuring out why things didn't happen. ;-) It also has the jice feature of prompting you after pasting a sudo command, whether you REALLY want to execute that command.
[1] https://gnunn1.github.io/tilix-web/
Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 (office) +64 (7) 577-5304 (home office) http://www.cs.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/
Jun 25, 2022 15:39:39 Lawrence D'Oliveiro <ldo(a)geek-central.gen.nz>:
I’ve been noticing one or two little quirks of the KDE Konsole terminal emulator lately. One is, when I copy and paste multiple lines of commands at once, they don’t get executed one by one, in fact they don’t get executed at all: I still have to press Enter afterwards to execute them.
Another is, if I forget to type CTRL-SHIFT-V to do the paste, but do CTRL-V instead (the standard Unix control character which means “enter next character literally”), the pasted text gets prefixed with “«esc»[200~” and followed by a “~” character. If it wasn’t for that CTRL-V, that escape-sequence prefix would be interpreted by the terminal emulator. (Actually it turns out that ending “~” is actually part of the sequence “«esc»[201~”, which was being misinterpreted in that case because it did not follow a proper “«esc»[200~” sequence.)
It turns out both of these behaviours are by design. That special escape sequence activates “bracketed-paste” mode <https://cirw.in/blog/bracketed-paste>. This is a safety feature to guard against malicious commands: it means the paste on its own is never enough to execute anything. So the user always gets a chance to see what has been pasted, before explicitly executing it.
This behaviour is probably commonplace among other terminal emulators, as well. _______________________________________________ wlug mailing list -- wlug(a)list.waikato.ac.nz | To unsubscribe send an email to wlug-leave(a)list.waikato.ac.nz Unsubscribe: https://list.waikato.ac.nz/postorius/lists/wlug.list.waikato.ac.nz
wlug mailing list -- wlug(a)list.waikato.ac.nz | To unsubscribe send an email to wlug-leave(a)list.waikato.ac.nz Unsubscribe: https://list.waikato.ac.nz/postorius/lists/wlug.list.waikato.ac.nz
On Sun, 26 Jun 2022 10:19:43 +1200, Eric Light wrote:
Bracketed-paste mode baffled me for a little while when I first experienced it. I think it was implemented in response to the discovery of Nasty Copy (I couldn't find a name for the shenanigan so I made this one up).
I don’t understand the point of the escape sequences, though. The terminal emulator is putting them in, to feed to itself so it can interpret them? It already knows it is the one doing the paste. Just for fun, I tried creating text lines containing CTRL/C or that “«esc»[201~” sequence, and when I try to paste them, Konsole warns me there are funnies present, and asks if I want to strip them before pasting.
Via JavaScript: https://www.wizer-training.com/blog/copy-paste
There was a certain website I used to frequent some years ago, which added this “feature”. I copied a few lines from an article, went to paste them, and found it had included a little promo for the website as well. This was probably the trigger for my part in the discussion linked below.
Or via div tags: https://docs.microsoft.com/en-us/troubleshoot/developer/browsers/core-featur...
Actually nothing specific to <div> tags there. It’s a general CSS feature, that can be applied to other tags, e.g. <span>.
... I'm sure this was discovered a few years back.
participants (3)
-
Eric Light -
Lawrence D'Oliveiro -
Peter Reutemann