The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

  • Twitter Updates

  • My Flickr Stream

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 1,764 other followers

Copy-Paste from Website to Terminal – always paste via an intermediate text editor

Posted by jpluimers on 2016/11/22

Everybody surely knows about more and more software trying to smart replace straight double quotes " with opening ” and closing ” ones.

WordPress is no exception and when you forget to embed these quotes in code and/or pre tags, your source code won’t paste as such.

For terminal code (nx or Windows console doesn’t matter much): it’s much worse: you should not copy/paste code directly to the terminal.

I usually did this any way to get quotes corrected, but  – via Daniela Osterhagen referring Dorin Duminica – recently came across a reason that’s much more important:

What’s on the clipboard might not be what you saw on the web site.

An elaborate example is at User iteraction based exploitation: WYSINWYC (What you see is not what you copy) but it comes down to:

  1. The clipboard is getting all text from a selection
  2. The browser hides some part of that text by cleverly using one more more  style tags.

So basically copy/pasting to the console is just as risky as piping curl through bash or another shell. You can actually detect that server-side (and abuse it)!


Source: Copy-Paste from Website to Terminal

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: