1 | #! perl |
1 | #! perl |
2 | |
2 | |
3 | =head1 NAME |
3 | =head1 NAME |
4 | |
4 | |
5 | confirm-paste - ask for confirmation before pasting multiline text |
5 | confirm-paste - ask for confirmation before pasting control characters |
6 | |
6 | |
7 | =head1 DESCRIPTION |
7 | =head1 DESCRIPTION |
8 | |
8 | |
9 | Displays a confirmation dialog when a paste containing at least a full |
9 | Displays a confirmation dialog when a paste containing control characters |
10 | line is detected. |
10 | is detected. The user can choose C<y> to either paste a sanitized variant |
|
|
11 | where all control characters are removed, C<p> to paste the string |
|
|
12 | unmodified or C<n> to drop the paste request completely. |
|
|
13 | |
|
|
14 | This is mostly meant as a defense-in-depth mechanism to protect against |
|
|
15 | the common web browser bug of you selecting some text but the browser |
|
|
16 | pasting a completely different text, which has some attack potential. |
|
|
17 | |
|
|
18 | It can also be useful to prevent you from accidentally pasting large |
|
|
19 | amounts of text. |
|
|
20 | |
|
|
21 | =head2 DETAILS |
|
|
22 | |
|
|
23 | If a string containing unicode control characters (specifically U+0000 .. |
|
|
24 | U+001F currrently) is pasted into the terminal, this extension will ask |
|
|
25 | whether it should be pasted. Strings without control characters get pasted |
|
|
26 | without prompt. |
|
|
27 | |
|
|
28 | When a sanitized version is pasted (choice C<y>), then contiguous |
|
|
29 | sequences of those control characters will be replaced by a single spaces. |
|
|
30 | |
|
|
31 | The exact detection and sanitization algorithm is subject to change in |
|
|
32 | future versions. |
11 | |
33 | |
12 | =cut |
34 | =cut |
13 | |
35 | |
14 | sub msg { |
36 | sub msg { |
15 | my ($self, $msg) = @_; |
37 | my ($self, $msg) = @_; |
… | |
… | |
19 | } |
41 | } |
20 | |
42 | |
21 | sub on_tt_paste { |
43 | sub on_tt_paste { |
22 | my ($self, $str) = @_; |
44 | my ($self, $str) = @_; |
23 | |
45 | |
24 | my $count = ($str =~ tr/\012\015//); |
46 | my $count = ($str =~ tr/\x00-\x1f//) |
25 | |
47 | or return; |
26 | return unless $count; |
|
|
27 | |
48 | |
28 | $self->{paste} = \$str; |
49 | $self->{paste} = \$str; |
29 | $self->msg ("Paste of $count lines, continue? (y/n)"); |
50 | $self->msg ("Pasting $count control characters, continue? (y/p/n)"); |
|
|
51 | |
30 | my $preview = substr $self->locale_decode ($str), 0, $self->ncol; |
52 | my $preview = substr $self->locale_decode ($str), 0, $self->ncol; |
31 | $preview =~ s/\n/\\n/g; |
53 | $preview =~ s/\n/\\n/g; |
|
|
54 | $preview =~ s/([\x00-\x1f\x80-\x9f])/sprintf "\\x%02x", ord $1/ge; |
|
|
55 | |
32 | $self->{overlay}->set (0, 1, $self->special_encode ($preview)); |
56 | $self->{overlay}->set (0, 1, $self->special_encode ($preview)); |
33 | $self->enable (key_press => \&key_press); |
57 | $self->enable (key_press => \&key_press); |
34 | |
58 | |
35 | 1 |
59 | 1 |
36 | } |
60 | } |
… | |
… | |
44 | } |
68 | } |
45 | |
69 | |
46 | sub key_press { |
70 | sub key_press { |
47 | my ($self, $event, $keysym, $string) = @_; |
71 | my ($self, $event, $keysym, $string) = @_; |
48 | |
72 | |
|
|
73 | my $paste = delete $self->{paste}; |
|
|
74 | |
49 | if ($keysym == 121) { # y |
75 | if ($keysym == 121) { # y |
|
|
76 | my $paste = $$paste; |
|
|
77 | $paste =~ s/[\x00-\x1f]+/ /g; |
|
|
78 | $self->tt_paste ($paste); |
|
|
79 | $self->leave; |
|
|
80 | } elsif ($keysym == 112) { # p |
50 | $self->tt_paste (${$self->{paste}}); |
81 | $self->tt_paste ($$paste); |
51 | $self->leave; |
82 | $self->leave; |
52 | } elsif ($keysym == 110) { # n |
83 | } elsif ($keysym == 110) { # n |
53 | $self->leave; |
84 | $self->leave; |
54 | } |
85 | } |
55 | |
86 | |
|
|
87 | $self->{paste} = $paste; |
|
|
88 | |
56 | 1 |
89 | 1 |
57 | } |
90 | } |