Copy-Paste from Website to Terminal – always paste via an intermediate text editor
Posted by jpluimers on 2016/11/22
Everybody surely knows about more and more software trying to smart-replace straight double quotes " with opening “ and closing ” ones.
WordPress is no exception and when you forget to embed these quotes in code and/or pre tags, your source code won’t paste as such.
For terminal code (*nx or Windows console doesn’t matter much) it’s much worse: you should not copy/paste code directly to the terminal.
I usually did this anyway to get quotes corrected, but – via Daniela Osterhagen referring to Dorin Duminica – recently came across a reason that’s much more important:
What’s on the clipboard might not be what you saw on the web site.
An elaborate example is at User iteraction based exploitation: WYSINWYC (What you see is not what you copy) but it comes down to:
- The clipboard is getting all text from a selection
- The browser hides some part of that text by cleverly using one or more style tags.
So basically copy/pasting to the console is just as risky as piping curl through bash or another shell. You can actually detect that server-side (and abuse it)!
–jeroen
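
An added example, not part of the original post: a small Python check that takes an HTML fragment and separates the text a selection would copy from the text a reader actually sees, which is the comparison an intermediate text editor lets you make by eye. The style patterns, the `audit` function and the sample fragment are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Heuristic inline-style patterns that keep selectable text out of view.
# Not exhaustive: rules from <style> blocks or external CSS are not resolved.
HIDING = re.compile(
    r"(?:left|top|text-indent)\s*:\s*-\d"
    r"|font-size\s*:\s*0(?![.\d])"
    r"|opacity\s*:\s*0(?![.\d])", re.I)
VOID = {"br", "hr", "img", "input", "link", "meta", "wbr"}  # never get an end tag

class CopyAudit(HTMLParser):
    """Separates the text a selection copies from the text a reader sees."""
    def __init__(self):
        super().__init__()
        self.stack = []                      # per open element: inside a hidden subtree?
        self.copied, self.visible, self.hidden = [], [], []

    def handle_starttag(self, tag, attrs):
        if tag in VOID:
            return
        style = dict(attrs).get("style") or ""
        inherited = bool(self.stack) and self.stack[-1]
        self.stack.append(inherited or bool(HIDING.search(style)))

    def handle_endtag(self, tag):
        if tag not in VOID and self.stack:
            self.stack.pop()

    def handle_data(self, data):
        self.copied.append(data)
        in_hidden = bool(self.stack) and self.stack[-1]
        (self.hidden if in_hidden else self.visible).append(data)

def audit(html):
    parser = CopyAudit()
    parser.feed(html)
    parser.close()
    hidden = "".join(parser.hidden)
    return {"copied": "".join(parser.copied), "visible": "".join(parser.visible),
            "hidden": hidden, "hidden_newline": "\n" in hidden}

# Constructed sample: the reader sees "ls -l"; the selection carries more.
SAMPLE = ('<code>ls <span style="position:absolute;left:-100px;top:-100px">'
          '; echo HIDDEN\n</span>-l</code>')

if __name__ == "__main__":
    for key, value in audit(SAMPLE).items():
        print(f"{key:15}{value!r}")
```

A newline inside the hidden part is the detail to watch for: pasted straight into a shell, everything before it runs before you get a chance to read the line.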





