From 424fe9991b5ad61422ca5d1b0ff9b8e01465e6f5 Mon Sep 17 00:00:00 2001 From: Kovid Goyal Date: Tue, 9 Jun 2026 06:21:15 +0530 Subject: [PATCH 1/2] Sanitise color control responses for shells that still dont use the kitty keyboard protocol --- kitty/window.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/kitty/window.py b/kitty/window.py index dd3f79eaf..0b6e56956 100644 --- a/kitty/window.py +++ b/kitty/window.py @@ -551,6 +551,8 @@ def color_control(cp: ColorProfile, code: int, value: str | bytes | memoryview = if isinstance(value, (bytes, memoryview)): value = str(value, 'utf-8', 'replace') responses: dict[str, str] = {} + # Only printable ASCII payload allowed as it is echoed back + value = re.sub(r'[^ -~]', '', value) for rec in value.split(';'): key, sep, val = rec.partition('=') if key.startswith('transparent_background_color'): From c126e227d336aa1a923ab9bf8e22bb5566ada8e1 Mon Sep 17 00:00:00 2001 From: Kovid Goyal Date: Tue, 9 Jun 2026 06:23:34 +0530 Subject: [PATCH 2/2] Bump dep version --- go.mod | 4 ++-- go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index 27e93b81e..1a54f3b3e 100644 --- a/go.mod +++ b/go.mod @@ -26,9 +26,9 @@ require ( github.com/ulikunitz/xz v0.5.15 github.com/zeebo/xxh3 v1.1.0 golang.org/x/exp v0.0.0-20230801115018-d63ba01acd4b - golang.org/x/image v0.41.0 + golang.org/x/image v0.42.0 golang.org/x/sys v0.45.0 - golang.org/x/text v0.37.0 + golang.org/x/text v0.38.0 howett.net/plist v1.0.1 ) diff --git a/go.sum b/go.sum index 8188a2ec4..c14a91142 100644 --- a/go.sum +++ b/go.sum @@ -76,14 +76,14 @@ github.com/zeebo/xxh3 v1.1.0 h1:s7DLGDK45Dyfg7++yxI0khrfwq9661w9EN78eP/UZVs= github.com/zeebo/xxh3 v1.1.0/go.mod h1:IisAie1LELR4xhVinxWS5+zf1lA4p0MW4T+w+W07F5s= golang.org/x/exp v0.0.0-20230801115018-d63ba01acd4b h1:r+vk0EmXNmekl0S0BascoeeoHk/L7wmaW2QF90K+kYI= golang.org/x/exp v0.0.0-20230801115018-d63ba01acd4b/go.mod h1:FXUEEKJgO7OQYeo8N01OfiKP8RXMtf6e8aTskBGqWdc= -golang.org/x/image v0.41.0 h1:8wS72eGJMJaBxK6okTzd4WaXumUlTVlb753MlsSvTCo= -golang.org/x/image v0.41.0/go.mod h1:uIc348UZMSvS5Z65CVZ7iDPaNobNFEPeJ4kbqTOszmA= +golang.org/x/image v0.42.0 h1:1gSs6ehNWXLbkHBIPcWztk3D/6aIA/8hauiAYtlodVY= +golang.org/x/image v0.42.0/go.mod h1:rrpelvGFt+kLPAjPM4HeWPgrl0FtafueU//e5N0qk/Q= golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201204225414-ed752295db88/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.45.0 h1:dO4czNzziLiiXplLQgBCEpCvXQ3dnkn0SdaZSYdQ+FY= golang.org/x/sys v0.45.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw= -golang.org/x/text v0.37.0 h1:Cqjiwd9eSg8e0QAkyCaQTNHFIIzWtidPahFWR83rTrc= -golang.org/x/text v0.37.0/go.mod h1:a5sjxXGs9hsn/AJVwuElvCAo9v8QYLzvavO5z2PiM38= +golang.org/x/text v0.38.0 h1:sXmwo9DwP3OK9EZ7PqAdaooSGozfl/3a6/xJcbzPRhE= +golang.org/x/text v0.38.0/go.mod h1:YXZt3QhHUKYT53r2lLKFIVi6Ao1jdzrTR/KQ09qyxF4= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/yaml.v1 v1.0.0-20140924161607-9f9df34309c0/go.mod h1:WDnlLJ4WF5VGsH/HVa3CI79GS0ol3YnhVnKP89i0kNg= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=