Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP4:GA
xterm
xterm-forbid_window_and_font_ops.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File xterm-forbid_window_and_font_ops.patch of Package xterm
# forbid dangerous escape sequences (font loading) diff --git a/XTerm.ad b/XTerm.ad --- a/XTerm.ad +++ b/XTerm.ad @@ -260,16 +260,21 @@ !*faceSize: 8 ! Here is a pattern that is useful for double-clicking on a URL: !*charClass: 33:48,35:48,37-38:48,43-47:48,58:48,61:48,63-64:48,95:48,126:48 ! ! Alternatively, !*on2Clicks: regex [[:alpha:]]+://([[:alnum:]!#+,./=?@_~-]|(%[[:xdigit:]][[:xdigit:]]))+ +! Security: Disallow operations that might allow raw text being pasted to xterm to +! execute code. +*allowWindowOps: false +*allowFontOps: false + !! We want a 8bit clean xterm *eightBitInput: true *eightBitOutput: true !! Default Settings *termName: xterm *pointerShape: top_left_arrow *scrollKey: true diff --git a/xterm.man b/xterm.man --- a/xterm.man +++ b/xterm.man @@ -1809,17 +1809,17 @@ The default is \*(``false\*(''. .TP .B "allowColorOps (\fPclass\fB AllowColorOps)" Specifies whether control sequences that set/query the dynamic colors should be allowed. ANSI colors are unaffected by this resource setting. The default is \*(``true\*(''. .TP .B "allowFontOps (\fPclass\fB AllowFontOps)" Specifies whether control sequences that set/query the font should be allowed. -The default is \*(``true\*(''. +The default is \*(``false\*(''. .TP 5 .B "allowPasteControls (\fPclass\fB AllowPasteControls)" If true, allow control characters such as BEL and CAN to be pasted. Formatting characters (tab, newline) are always allowed. Other C0 control characters are suppressed unless this resource is enabled. The exact set of control characters (C0 and C1) depends upon whether UTF-8 encoding is used, as well as the \fBallowC1Printable\fP resource.
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor