| … | |
… | |
| 5 | confirm-paste - ask for confirmation before pasting control characters |
5 | confirm-paste - ask for confirmation before pasting control characters |
| 6 | |
6 | |
| 7 | =head1 DESCRIPTION |
7 | =head1 DESCRIPTION |
| 8 | |
8 | |
| 9 | Displays a confirmation dialog when a paste containing control characters |
9 | Displays a confirmation dialog when a paste containing control characters |
| 10 | is detected. |
10 | is detected. The user can choose C<y> to either paste a sanitized variant |
|
|
11 | where all control characters are removed, C<p> to paste the string |
|
|
12 | unmodified or C<n> to drop the paste request completely. |
| 11 | |
13 | |
| 12 | This is mostly meant as a defense-in-depth mechanism to protect against |
14 | This is mostly meant as a defense-in-depth mechanism to protect against |
| 13 | the common web browser bug of you selecting some text but the browser |
15 | the common web browser bug of you selecting some text but the browser |
| 14 | pasting a completely different text, which has some attack potential. |
16 | pasting a completely different text, which has some attack potential. |
| 15 | |
17 | |
| 16 | It can also be useful to prevent you from accidentally pasting large |
18 | It can also be useful to prevent you from accidentally pasting large |
| 17 | amounts of text. |
19 | amounts of text. |
|
|
20 | |
|
|
21 | =head2 DETAILS |
|
|
22 | |
|
|
23 | If a string containing unicode control characters (specifically U+0000 .. |
|
|
24 | U+001F currrently) is pasted into the terminal, this extension will ask |
|
|
25 | whether it should be pasted. Strings without control characters get pasted |
|
|
26 | without prompt. |
|
|
27 | |
|
|
28 | When a sanitized version is pasted (choice C<y>), then contiguous |
|
|
29 | sequences of those control characters will be replaced by a single spaces. |
|
|
30 | |
|
|
31 | The exact detection and sanitization algorithm is subject to change in |
|
|
32 | future versions. |
| 18 | |
33 | |
| 19 | =cut |
34 | =cut |
| 20 | |
35 | |
| 21 | sub msg { |
36 | sub msg { |
| 22 | my ($self, $msg) = @_; |
37 | my ($self, $msg) = @_; |
| … | |
… | |
| 30 | |
45 | |
| 31 | my $count = ($str =~ tr/\x00-\x1f//) |
46 | my $count = ($str =~ tr/\x00-\x1f//) |
| 32 | or return; |
47 | or return; |
| 33 | |
48 | |
| 34 | $self->{paste} = \$str; |
49 | $self->{paste} = \$str; |
| 35 | $self->msg ("Pasting $count control characters, continue? (y/n)"); |
50 | $self->msg ("Pasting $count control characters, continue? (y/p/n)"); |
| 36 | |
51 | |
| 37 | my $preview = substr $self->locale_decode ($str), 0, $self->ncol; |
52 | my $preview = substr $self->locale_decode ($str), 0, $self->ncol; |
| 38 | $preview =~ s/\n/\\n/g; |
53 | $preview =~ s/\n/\\n/g; |
| 39 | $preview =~ s/([\x00-\x1f\x80-\x9f])/sprintf "\\x%02x", ord $1/ge; |
54 | $preview =~ s/([\x00-\x1f\x80-\x9f])/sprintf "\\x%02x", ord $1/ge; |
| 40 | |
55 | |
| … | |
… | |
| 53 | } |
68 | } |
| 54 | |
69 | |
| 55 | sub key_press { |
70 | sub key_press { |
| 56 | my ($self, $event, $keysym, $string) = @_; |
71 | my ($self, $event, $keysym, $string) = @_; |
| 57 | |
72 | |
|
|
73 | my $paste = delete $self->{paste}; |
|
|
74 | |
| 58 | if ($keysym == 121) { # y |
75 | if ($keysym == 121) { # y |
|
|
76 | my $paste = $$paste; |
|
|
77 | $paste =~ s/[\x00-\x1f]+/ /g; |
|
|
78 | $self->tt_paste ($paste); |
|
|
79 | $self->leave; |
|
|
80 | } elsif ($keysym == 112) { # p |
| 59 | $self->tt_paste (${$self->{paste}}); |
81 | $self->tt_paste ($$paste); |
| 60 | $self->leave; |
82 | $self->leave; |
| 61 | } elsif ($keysym == 110) { # n |
83 | } elsif ($keysym == 110) { # n |
| 62 | $self->leave; |
84 | $self->leave; |
| 63 | } |
85 | } |
| 64 | |
86 | |
|
|
87 | $self->{paste} = $paste; |
|
|
88 | |
| 65 | 1 |
89 | 1 |
| 66 | } |
90 | } |
