[go: up one dir, main page]
|
|
Log in / Subscribe / Register

terminal paste protection : why not at browser level?

terminal paste protection : why not at browser level?

Posted Mar 31, 2018 10:42 UTC (Sat) by Herve5 (guest, #115399)
Parent article: A look at terminal emulators, part 1

While I see there seems to be no real 'input filter' against incoming bad clipboard urls, could there be some 'export filter' e. g. within Firefox, that would specifically turn any copied text into what actually was displayed, trashing all the invisible payloads?
That'd suppress the problem before it reaches the terminal...

to post comments

terminal paste protection : why not at browser level?

Posted Mar 31, 2018 11:07 UTC (Sat) by karkhaz (subscriber, #99844) [Link] (1 responses)

Nice idea, though it would be great to have it implemented either at the desktop environment/window manager level, or at the X/Wayland level---that way it would apply to all applications that write to the clipboard, and it wouldn't be each application's responsibility to implement it separately.

Something like: if the user copies some text that contains control characters or other nasties, the window manager could throw up some kind of alert window telling them so. It would be nice to have the range of troublesome characters configurable, too---for example, Hebrew or Arabic-speaking users might commonly be copying U+200F RIGHT-TO-LEFT MARK, but other users might want to be warned about it.

I'm not sure how widely welcomed this would be, though. For users who never run a terminal emulator, this feature seems mostly useless.

terminal paste protection : why not at browser level? -> potential addon

Posted Mar 31, 2018 17:18 UTC (Sat) by Herve5 (guest, #115399) [Link]

I just found this : https://addons.mozilla.org/fr/firefox/addon/skim-the-clip...
But being a rather minimal user I'm not sure I'll get it to work...

terminal paste protection : why not at browser level?

Posted Apr 1, 2018 23:13 UTC (Sun) by roc (subscriber, #30627) [Link] (2 responses)

It's hard to do that in the browser in a foolproof way because it's difficult to determine "what actually was displayed".

For example, is text inside "font-size:1px" displayed? How about text inside "opacity:0.05"? How about "background:black; color:rgb(5,5,5)"? How about homoglyphs? What about using relative positioning, line-height, letter-spacing etc to overprint or reorder text?

The most foolproof way might be to determine the copied text by performing OCR on the pixel data ... except of course there are interesting ways to fool OCR too.

terminal paste protection : why not at browser level?

Posted Apr 2, 2018 18:46 UTC (Mon) by iabervon (subscriber, #722) [Link] (1 responses)

It might be possible to have a tooltip-style popup that says what it was that the browser put in the clipboard, and let the user be surprised or not.

terminal paste protection : why not at browser level?

Posted Apr 3, 2018 18:45 UTC (Tue) by Herve5 (guest, #115399) [Link]

Roc, you are right. At the end of my 'browser addon quest' I found one that may have allowed running some regexp onto the clipboard contents, and I imagined some wiser guy would propose the killer Regexp, but now having read your post I'm far less sure about that ;-)


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds