Implement safety for ANSI escape sequences

sharkdp / bat

A cat(1) clone with wings.

Apache License 2.0

49.68k stars 1.25k forks source link

Implement safety for ANSI escape sequences #3054

Open awvalenti opened 3 months ago

awvalenti commented 3 months ago

Basically, cat is an unsafe way to display text. cat -v is safer.

According to README, I believe bat doesn't implement this security feature. Unlike cat, bat is only used for human-readable output. For that reason, this may be a good feature. Possibly it could simply replace stuff like <Esc>x with ^[x.

Details: https://unix.stackexchange.com/questions/780938/is-it-still-unsafe-to-cat-an-arbitrary-file

eth-p commented 3 months ago

Just a small tip: although this isn't supported right now, bat -A/--show-all can be used to achieve something similar.

The -A option will replace invisible characters with symbols like ␛ and ␊, and Unicode characters will be represented in escape sequence notation (e.g. \u{2500}) instead of being printed directly.