core: consider any paste with bracketed paste closer unsafe

Thanks to: https://thejh.net/misc/website-terminal-copy-paste If a paste has the ending sentinel value for a bracketed paste ("\x1b[201~") then the shell may start processing data faster. We now consider this unsafe even if the `clipboard-paste-bracketed-safe` setting is true.
2025-07-14 15:56:13 +03:00 · 2024-06-08 14:38:49 -07:00
parent 6bd8cfb840
commit fb7cbd69c0
2 changed files with 25 additions and 6 deletions
--- a/src/Surface.zig
+++ b/src/Surface.zig
@ -3449,11 +3449,29 @@ fn completeClipboardPaste(
        //
        // We do not do this for bracketed pastes because bracketed pastes are
        // by definition safe since they're framed.
-        if ((!self.config.clipboard_paste_bracketed_safe or !bracketed) and
-            self.config.clipboard_paste_protection and
-            !allow_unsafe and
-            !terminal.isSafePaste(data))
-        {
+        const unsafe = unsafe: {
+            // If we've disabled paste protection then we always allow the paste.
+            if (!self.config.clipboard_paste_protection) break :unsafe false;
+
+            // If we're allowed to paste unsafe data then we always allow the paste.
+            // This is set during confirmation usually.
+            if (allow_unsafe) break :unsafe false;
+
+            if (bracketed) {
+                // If we're bracketed and the paste contains and ending
+                // bracket then something naughty might be going on and we
+                // never trust it.
+                if (std.mem.indexOf(u8, data, "\x1B[201~") != null) break :unsafe true;
+
+                // If we are bracketed and configured to trust that then the
+                // paste is not unsafe.
+                if (self.config.clipboard_paste_bracketed_safe) break :unsafe false;
+            }
+
+            break :unsafe !terminal.isSafePaste(data);
+        };
+
+        if (unsafe) {
            log.info("potentially unsafe paste detected, rejecting until confirmation", .{});
            return error.UnsafePaste;
        }
--- a/src/terminal/sanitize.zig
+++ b/src/terminal/sanitize.zig
@ -2,7 +2,8 @@ const std = @import("std");

 /// Returns true if the data looks safe to paste.
 pub fn isSafePaste(data: []const u8) bool {
-    return std.mem.indexOf(u8, data, "\n") == null;
+    return std.mem.indexOf(u8, data, "\n") == null and
+        std.mem.indexOf(u8, data, "\x1b[201~") == null;
 }

 test isSafePaste {