Terminal: prevent paste auto-exec when clipboard has trailing newline#313254
Merged
meganrogge merged 3 commits intoApr 29, 2026
Conversation
Prevents clipboard-hijack scenarios from auto-executing pasted commands when the shell does not support bracketed paste mode. Right-click / Ctrl+V paste of a command followed by a newline previously executed immediately; now the trailing newline is stripped so the user must press Enter to run the command.
Contributor
There was a problem hiding this comment.
Pull request overview
This PR mitigates an MSRC-reported terminal clipboard hijack scenario by preventing a pasted single-line command with a trailing newline from auto-executing when bracketed paste mode is not active.
Changes:
- Update
shouldPasteTerminalTextto strip trailing newline(s) inautomode when bracketed paste mode is disabled by returning{ modifiedText }. - Extend the existing unit test to validate the new
auto-mode behavior and the bracketed-paste-mode passthrough.
Show a summary per file
| File | Description |
|---|---|
| src/vs/workbench/contrib/terminalContrib/clipboard/browser/terminalClipboard.ts | Strips trailing newline(s) in auto mode (non-bracketed paste) to avoid paste-triggered execution. |
| src/vs/workbench/contrib/terminalContrib/clipboard/test/browser/terminalClipboard.test.ts | Updates tests to cover the modified return value and bracketed paste branch. |
Copilot's findings
Comments suppressed due to low confidence (1)
src/vs/workbench/contrib/terminalContrib/clipboard/test/browser/terminalClipboard.test.ts:63
- The assertion compares objects via
JSON.stringify(...), which makes failures harder to read and can mask issues. Prefer importing/usingdeepStrictEqual(orassert.deepStrictEqual) to compare the returned{ modifiedText }structure directly.
strictEqual(JSON.stringify(await instantiationService.invokeFunction(shouldPasteTerminalText, 'foo\n', undefined)), JSON.stringify({ modifiedText: 'foo' }));
// Auto with bracketed paste mode: shell handles newline literally, safe to paste as-is.
- Files reviewed: 2/2 changed files
- Comments generated: 2
…minalClipboard.ts Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
…r/terminalClipboard.test.ts Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
pwang347
approved these changes
Apr 29, 2026
meganrogge
deleted the
megan/fix-terminal-paste-trailing-newline-autoexec
branch
50 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes an MSRC-reported issue where pasting clipboard text containing a trailing newline into the integrated terminal would automatically execute the command.
Repro
navigator.clipboard.writeText('calc.exe\\n').calc.exeruns immediately, before the user reviews it.Root cause
shouldPasteTerminalText(interminalContrib/clipboard) special-cases the defaultautovalue ofterminal.integrated.enableMultiLinePasteWarningand returnstrue(paste as-is) whenever the text is a single command followed by a trailing newline — even when bracketed paste mode is not active. The trailing\nis then sent verbatim to the shell, which executes the command.Fix
In
automode and when bracketed paste mode is not enabled, strip the trailing newline(s) before pasting (return{ modifiedText }). The command appears at the prompt; the user must press Enter to run it. Bracketed-paste-aware shells continue to receive the original text unchanged. Updated the existing unit test to cover both branches.