[aklug] Re: browser copy-and-paste vulnerability

From: Royce Williams <royce@tycho.org>
Date: Wed Apr 10 2013 - 20:50:58 AKDT

On Wed, Apr 10, 2013 at 1:28 PM, Arthur Corliss
<acorliss@nevaeh-linux.org>wrote:

> On Wed, 10 Apr 2013, bryanm@acsalaska.net wrote:
>
> As the linked comments point out, there are ways of getting around
>> proposed
>> protections. For example, if you paste into vi, the text could include
>> ":q!"
>> followed by the nasty commands. Pasting into a GUI text editor might
>> actually
>> work, as long as there are no keystrokes that could provide access to a
>> command shell.
>>
>
> Uh, no, that would only work if you pasted into vi in command mode rather
> than text entry mode. Something any true vi'er would not likely do.

On Windows, at least, ESC itself can be cut-and-pasted. I sometimes use
Notepad to compose quick poor-man's macros that include escape characters
to paste into vim. I'm not sure if such characters can be included in HTML
source, though.

-- 
Royce Williams
---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.
Received on Wed Apr 10 20:51:27 2013

This archive was generated by hypermail 2.1.8 : Wed Apr 10 2013 - 20:51:27 AKDT