| 1 |
#! perl |
| 2 |
|
| 3 |
=head1 NAME |
| 4 |
|
| 5 |
confirm-paste - ask for confirmation before pasting control characters |
| 6 |
|
| 7 |
=head1 DESCRIPTION |
| 8 |
|
| 9 |
Displays a confirmation dialog when a paste containing control characters |
| 10 |
is detected. The user can choose C<y> to either paste a sanitized variant |
| 11 |
where all control characters are removed, C<p> to paste the string |
| 12 |
unmodified or C<n> to drop the paste request completely. |
| 13 |
|
| 14 |
This is mostly meant as a defense-in-depth mechanism to protect against |
| 15 |
the common web browser bug of you selecting some text but the browser |
| 16 |
pasting a completely different text, which has some attack potential. |
| 17 |
|
| 18 |
It can also be useful to prevent you from accidentally pasting large |
| 19 |
amounts of text. |
| 20 |
|
| 21 |
=head2 DETAILS |
| 22 |
|
| 23 |
If a string containing unicode control characters (specifically U+0000 .. |
| 24 |
U+001F currrently) is pasted into the terminal, this extension will ask |
| 25 |
whether it should be pasted. Strings without control characters get pasted |
| 26 |
without prompt. |
| 27 |
|
| 28 |
When a sanitized version is pasted (choice C<y>), then contiguous |
| 29 |
sequences of those control characters will be replaced by a single spaces. |
| 30 |
|
| 31 |
The exact detection and sanitization algorithm is subject to change in |
| 32 |
future versions. |
| 33 |
|
| 34 |
=cut |
| 35 |
|
| 36 |
sub msg { |
| 37 |
my ($self, $msg) = @_; |
| 38 |
|
| 39 |
$self->{overlay} = $self->overlay (0, -1, $self->ncol, 2, urxvt::OVERLAY_RSTYLE, 0); |
| 40 |
$self->{overlay}->set (0, 0, $msg); |
| 41 |
} |
| 42 |
|
| 43 |
sub on_tt_paste { |
| 44 |
my ($self, $str) = @_; |
| 45 |
|
| 46 |
my $count = ($str =~ tr/\x00-\x1f//) |
| 47 |
or return; |
| 48 |
|
| 49 |
$self->{paste} = \$str; |
| 50 |
$self->msg ("Pasting $count control characters, continue? (y/p/n)"); |
| 51 |
|
| 52 |
my $preview = substr $self->locale_decode ($str), 0, $self->ncol; |
| 53 |
$preview =~ s/\n/\\n/g; |
| 54 |
$preview =~ s/([\x00-\x1f\x80-\x9f])/sprintf "\\x%02x", ord $1/ge; |
| 55 |
|
| 56 |
$self->{overlay}->set (0, 1, $self->special_encode ($preview)); |
| 57 |
$self->enable (key_press => \&key_press); |
| 58 |
|
| 59 |
1 |
| 60 |
} |
| 61 |
|
| 62 |
sub leave { |
| 63 |
my ($self) = @_; |
| 64 |
|
| 65 |
$self->{paste} = undef; |
| 66 |
delete $self->{overlay}; |
| 67 |
$self->disable ("key_press"); |
| 68 |
} |
| 69 |
|
| 70 |
sub key_press { |
| 71 |
my ($self, $event, $keysym, $string) = @_; |
| 72 |
|
| 73 |
my $paste = delete $self->{paste}; |
| 74 |
|
| 75 |
if ($keysym == 121) { # y |
| 76 |
my $paste = $$paste; |
| 77 |
$paste =~ s/[\x00-\x1f]+/ /g; |
| 78 |
$self->tt_paste ($paste); |
| 79 |
$self->leave; |
| 80 |
} elsif ($keysym == 112) { # p |
| 81 |
$self->tt_paste ($$paste); |
| 82 |
$self->leave; |
| 83 |
} elsif ($keysym == 110) { # n |
| 84 |
$self->leave; |
| 85 |
} |
| 86 |
|
| 87 |
$self->{paste} = $paste; |
| 88 |
|
| 89 |
1 |
| 90 |
} |
