Pasting into a terminal can be dangerous (see http://thejh.net/misc/website-terminal-copy-paste). I certainly do it accidentally all the time.
Luckily many terminal emulators can indicate to their containing programs when pasting is happening. This plugin (shamelessly copied from http://www.zsh.org/mla/users/2011/msg00367.html) allows you to paste into zsh runnings inside xterm/urxvt/iTerm2 safely.
It does this by preventing any code from actually running while pasting, so you have a chance to review what was actually pasted before running it.
somehow I can't get this to work at all, pasting is still the same as before
Actually, I just remembered that someone wrote on reddit (I think) that you can embed escape sequences in HTML... and bracketed paste uses escape sequences... so this is actually not a solution. See http://thejh.net/misc/website-terminal-copy-paste (now updated) for a variant that also works on people who have safe-paste activated.
Well, I guess this is still useful against accidential multiline pastes.
@agony, which terminal are you using? echo $TERM.
@thetj, nice!. I mainly use this because I've pasted totally random stuff into my terminal a bucket-load of times. BTW, you should try and make double-click to copy work.
@ConradIrwin You mean triple-click? Hmm... I could just add a JS script to make it work for people who have JS enabled, but I don't know any way to make it work for people with JS disabled.
@thejh Yes. At least I'm safe for now then :).
@ConradIrwin Hmm, actually... triple-clicking selects the newline in the end, so if there's a one-liner with some hidden evil stuff like this, you'd probably be affected:
git clone git://git.kernel.org/pub/scm/utils/kup/kup.git a b; evil_command
However, those who just drag the mouse to select the command would then probably often not copy the newline at the end.
@ConradIrwin currently rxvt-unicode, but I also tried xterm, nothing. shift+insert just pastes as it always had
@agony interesting, it works for me under rxvt-unicode. Do you have the latest oh-my-zsh code? (You can get it by running upgrade_oh_my_zsh)
yeah, just updated today
For me, only the first paste worked. Adding this to the end of _end_paste() fixed it for me:
bindkey '^[[200~' _start_paste
Edit: Sorry, my fault. My default keymap was (implicitly) set to viins, not emacs, because my $EDITOR included the substring "vi".
Add safe paste -plugin.
I found it from robbyrussell/oh-my-zsh#1698 and
it seems to work nicely.
Note that this plugin is safe (at least with regards to \e[201~ in the copied text) in the default configuration of recent versions of xterm, that don't allow pasting control characters other than newline (transformed to carriage-return), backspace, carriage-return, del and tab.
There's a problem only on terminals that don't do that like gnome-terminal or older versions of xterm, or xterm configured with allowPasteControls enabled.
See http://security.stackexchange.com/a/52655 for details.