Bug 435548

Summary: Konsole clear scrollback and reset (ctrl+shft+k) disables bracketed-paste
Product: [Applications] konsole Reporter: Gabriel Fernandes <gabrielfernnd>
Component: keyboardAssignee: Konsole Developer <konsole-devel>
Status: REPORTED ---    
Severity: major    
Priority: NOR    
Version: 20.12.3   
Target Milestone: ---   
Platform: Other   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:
Attachments: Left before clearing konsole - right after clearing konsole

Description Gabriel Fernandes 2021-04-09 15:34:32 UTC 
Created attachment 137452 [details]
Left before clearing konsole - right after clearing konsole

SUMMARY
Some shells (bash, zsh), and readline, have a mode where pasted text is not run
even if they contain newlines. This is a good thing if you are copying and pasting
commands from websites, where might contain hidden text that could be used to take
control of your system.
This works in Konsole, until you use the ctrl+shft+k shortcut, after you use it,
you might be tricked into thinking that it's okay to paste anything in your shell,
as nothing will be executed before you hit enter, that gives false sense of security to the user.

See:
http://thejh.net/misc/website-terminal-copy-paste
for an example of hidden text that can be embedded in websites.

STEPS TO REPRODUCE
1. Enable bracketed-paste in your shell
2. Clear scrollback and reset konsole (ctrl+shft+k)
3. Paste text with multiple lines

OBSERVED RESULT
Multi-line command gets executed.

EXPECTED RESULT
Multi-line command waits for the user to review
what was pasted before executing anything.