Fix stripping of escape codes not stripping \r when bracketed paste is not active

Kovid Goyal 2023-10-21 08:15:15 +05:30
parent 7292d1c9df
commit 3526e59d3b
No known key found for this signature in database
GPG key ID: 06BC317B515ACE7C


@ -1470,7 +1470,12 @@ class Window:
btext = text.encode('utf-8')
if 'confirm' in opts.paste_actions:
sanitized = sanitize_control_codes(text)
if sanitized != text or (not self.screen.in_bracketed_paste_mode and re.search(r'[\r\n]', text) is not None):
if not self.screen.in_bracketed_paste_mode:
# \n is converted to \r and \r is interpreted as the enter key
# by legacy programs that dont support the full kitty keyboard protocol,
# which in the case of shells can lead to command execution
sanitized = re.sub(r'[\r\n]', ' ', sanitized)
if sanitized != text:
msg = _('The text to be pasted contains terminal control codes.\n\nIf the terminal program you are pasting into does not properly'
' sanitize pasted text, this can lead to \x1b[31mcode execution vulnerabilities\x1b[39m.\n\nHow would you like to proceed?')
get_boss().choose(
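Review bot: The prompt text in `msg` still says only that the paste "contains terminal control codes", yet with the new `re.sub(r'[\r\n]', ' ', sanitized)` a paste of ordinary multi-line text also reaches `if sanitized != text:` whenever bracketed paste mode is off, so the user is warned about control codes when the actual risk is a line break being delivered as the Enter key. A separate message for that case, or a sentence appended to the existing one such as `Line breaks in the text will be sent as the Enter key.`, would let the user make an informed decision at the prompt. The added comment would also read more clearly as `# \n is converted to \r, and legacy programs that don't support the full kitty keyboard protocol treat \r as the Enter key`. The enclosing method begins and ends outside this hunk, so how `sanitized` and the earlier `btext` are used after `get_boss().choose(` cannot be checked from here.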