Applied-Software/ghostty
5
0
Fork 0
mirror of https://github.com/ghostty-org/ghostty.git synced 2025-07-14 15:56:13 +03:00
Code Issues Packages Projects Releases Wiki Activity

core: consider any paste with bracketed paste closer unsafe

Browse Source 
Thanks to: https://thejh.net/misc/website-terminal-copy-paste

If a paste has the ending sentinel value for a bracketed paste
("\x1b[201~") then the shell may start processing data faster. We now
consider this unsafe even if the `clipboard-paste-bracketed-safe`
setting is true.
This commit is contained in:
Mitchell Hashimoto
2024-06-08 14:38:49 -07:00
parent 6bd8cfb840
commit fb7cbd69c0
2 changed files with 25 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
src/Surface.zig
View File

@ -3449,11 +3449,29 @@ fn completeClipboardPaste(
// //
// We do not do this for bracketed pastes because bracketed pastes are // We do not do this for bracketed pastes because bracketed pastes are
// by definition safe since they're framed. // by definition safe since they're framed.
if ((!self.config.clipboard_paste_bracketed_safe or !bracketed) and const unsafe = unsafe: {
self.config.clipboard_paste_protection and // If we've disabled paste protection then we always allow the paste.
!allow_unsafe and if (!self.config.clipboard_paste_protection) break :unsafe false;
!terminal.isSafePaste(data))
{ // If we're allowed to paste unsafe data then we always allow the paste.
// This is set during confirmation usually.
if (allow_unsafe) break :unsafe false;
if (bracketed) {
// If we're bracketed and the paste contains and ending
// bracket then something naughty might be going on and we
// never trust it.
if (std.mem.indexOf(u8, data, "\x1B[201~") != null) break :unsafe true;
// If we are bracketed and configured to trust that then the
// paste is not unsafe.
if (self.config.clipboard_paste_bracketed_safe) break :unsafe false;
}
break :unsafe !terminal.isSafePaste(data);
};
if (unsafe) {
log.info("potentially unsafe paste detected, rejecting until confirmation", .{}); log.info("potentially unsafe paste detected, rejecting until confirmation", .{});
return error.UnsafePaste; return error.UnsafePaste;
} }

3
src/terminal/sanitize.zig
View File

@ -2,7 +2,8 @@ const std = @import("std");
/// Returns true if the data looks safe to paste. /// Returns true if the data looks safe to paste.
pub fn isSafePaste(data: []const u8) bool { pub fn isSafePaste(data: []const u8) bool {
return std.mem.indexOf(u8, data, "\n") == null; return std.mem.indexOf(u8, data, "\n") == null and
std.mem.indexOf(u8, data, "\x1b[201~") == null;
} }
test isSafePaste { test isSafePaste {