Implement safety for ANSI escape sequences

sharkdp / bat

A cat(1) clone with wings.

Apache License 2.0

48.64k stars 1.23k forks source link

Implement safety for ANSI escape sequences #3054

Open awvalenti opened 1 month ago

awvalenti commented 1 month ago

Basically, cat is an unsafe way to display text. cat -v is safer.

According to README, I believe bat doesn't implement this security feature. Unlike cat, bat is only used for human-readable output. For that reason, this may be a good feature. Possibly it could simply replace stuff like <Esc>x with ^[x.

Details: https://unix.stackexchange.com/questions/780938/is-it-still-unsafe-to-cat-an-arbitrary-file

eth-p commented 1 month ago

Just a small tip: although this isn't supported right now, bat -A/--show-all can be used to achieve something similar.

The -A option will replace invisible characters with symbols like ␛ and ␊, and Unicode characters will be represented in escape sequence notation (e.g. \u{2500}) instead of being printed directly.