undefined | Better HN

0 pointsbsimpson8y ago0 comments

0 comments

xg158y ago

I think that advice got warped/lost in translation: Wasn't the original advice "dont't paste stuff copied from web pages into the CLI"? - Because a bad page could covertly change what is actually copied via JS.

That danger doesn't apply when things are copied from the browser chrome (address bar) or other locations. So why would pasting then still be dangerous?

I think blindly passing on advices "because $SECURITY" can actually detrimental to security because you may end up with half a dozen esoteric practices without actually knowing what they defend against. (I know the parent was half-joking, I think that's a more general problem)

jrimbault8y ago

You don't even need JS. In French and in style:

    <p>un paragraphe <span style="font-size: 0;">pas si </span>innocent</p>

So disabling JS won't protect you from those.

vbernat8y ago

Most shells now support a bracketed paste mode. zsh: https://github.com/zsh-users/zsh/commit/98687fa1dec803f041cb..., bash: https://www.gnu.org/software/bash/manual/html_node/Readline-... (enable-bracketed-paste)

itake8y ago

iTerm gives you a warning if it thinks you just pasted in something malicious

ospider8y ago

I think it gives warning when you paste something ends with a `\n`.

ReverseCold8y ago

I think my zsh does something to detect copy paste (and not execute the command till I press enter), or it could be iTerm, no idea.

j / k navigate · click thread line to collapse