It should be possible to configure konsole in a way so it works well together with online tutorials guiding the user with example commands. I suggest that konsole allows a way of pasting where line by is inserted into the shell rather than executing as LF is scanned. Recommended behaviour: As the user uses "Paste", the clipboard is appended to an initially empty konsole-session owned buffer asserting that the last character is LF (append if none there). If the buffer was empty: Scan the buffer till the first LF, send that part to shell (LF excluded) and delete from buffer (LF included). This step is called dequeue. As the user sends Enter/Return to shell and the buffer is not empty: dequeue - this should execute the first line and at the same time have the next line sent to shell, but without the LF so it won't execute immediately. On user request the buffer is cleared. This improves security, because the user is able to review a command he copied from an online tutorial which (if malicious) might contain commands which were not visible as it was copied. (Secure) If the command contains parts which should be modified to user needs, the user is now able to. (Flexible) After execution of a command, the user is able to review its execution and to decide whether to proceed. (Reviewable) Please either add as alternate way of pasting or make copy+paste configurable. If experience shows that this way of pasting makes more sense for most use-cases than the todays way, please consider making it the default. Reproducible: Always Actual Results: The default behaviour today is to send the whole clipboard to shell directly.
*line by line
My motivation to write this request is this "security alert": http://www.heise.de/security/meldung/Tricks-neu-aufgelegt-Vorsicht-bei-Copy-Paste-1841048.html However, I don't see this as a security hole in konsole at all, but as a opportunity to have konsole assist in increasing security slightly. After all it's the users fault if the users pastes something random "from the internet" to the shell without checking.
Is this a duplicate of bug 89299?
Yes, the problem is the same. Should I copy my solution proposal to that bug?
please so *** This bug has been marked as a duplicate of bug 89299 ***