WYSINWYC (What you see is not what you copy)

It’s not a good idea to copy-paste from a website to teminal, details and PoC demo:

1 Like

Really nice! That moment when you get paranoid that you download the article and open it in a text editor to make sure there are no malicious hidden characters…

I guess telling people not to copy and paste is pretty much useless because that is super important when learning linux basics. But I think one mitigation would be to enable escaped pasting (I don’t remember how to do that). Where when it pastes, it doesn’t put there the new lines that automatically execute the paste.

This way the user can at least notice something is wrong with the command. Not much more than that can be done about it, I think.

edit: so many mistakes in the document, though…

You mean the bracketed paste mode?

One mitigation is to add the following in ~/.inputrc (given that you are using Bash):

set enable-bracketed-paste on
1 Like

Yup. Exactly that bracketed paste mode