
Terminal escape sequences – the new XSS for Linux sysadmins - Mojah
https://ma.ttias.be/terminal-escape-sequences-the-new-xss-for-linux-sysadmins/
======
vortico
I use a terminal emulator which does not support scrolling (as that feature is
always buggy anyway), so I almost never use `cat`. `less` acts as my pager
rather than my terminal, and I get printed escaped sequences for free.

~~~
Mojah
I can imagine you're the exception and not the rule. Everyone starting out with
Unix/Linux will surely use cat/head/tail/more and should be aware of the
possible consequences.

This is one of those things where "usability" (having colors etc. via escape
sequences) and "security" (plain text should be plain text, without escape
sequences) have opposing interests.

