34 lines
1.1 KiB
Diff
34 lines
1.1 KiB
Diff
# HG changeset patch
|
|
# Parent d5ffae3ffb4d7bccf09feb476eed67e7688d73cf
|
|
# forbid dangerous escape sequences (font loading)
|
|
|
|
Index: xterm-385/XTerm.ad
|
|
===================================================================
|
|
--- xterm-385.orig/XTerm.ad
|
|
+++ xterm-385/XTerm.ad
|
|
@@ -269,6 +269,11 @@
|
|
! Alternatively,
|
|
!*on2Clicks: regex [[:alpha:]]+://([[:alnum:]!#+,./=?@_~-]|(%[[:xdigit:]][[:xdigit:]]))+
|
|
|
|
+! Security: Disallow operations that might allow raw text being pasted to xterm to
|
|
+! execute code.
|
|
+*allowWindowOps: false
|
|
+*allowFontOps: false
|
|
+
|
|
!! We want a 8bit clean xterm
|
|
*eightBitInput: true
|
|
*eightBitOutput: true
|
|
Index: xterm-385/xterm.man
|
|
===================================================================
|
|
--- xterm-385.orig/xterm.man
|
|
+++ xterm-385/xterm.man
|
|
@@ -2277,7 +2277,7 @@ The default is \*(``true\*(''.
|
|
.TP
|
|
.B "allowFontOps\fP (class\fB AllowFontOps\fP)"
|
|
Specifies whether control sequences that set/query the font should be allowed.
|
|
-The default is \*(``true\*(''.
|
|
+The default is \*(``false\*(''.
|
|
.TP
|
|
.B "allowMouseOps\fP (class\fB AllowMouseOps\fP)"
|
|
Specifies whether control sequences that enable \fI\*n\fP to send
|