by bsimpson 3186 days ago
<Insert obligatory "don't ever paste into a CLI because $SECURITY" and then admit that I've done the same thing.>
3 comments

I think that advice got warped/lost in translation: Wasn't the original advice "don't paste stuff copied from web pages into the CLI"? - Because a bad page could covertly change what is actually copied via JS.

That danger doesn't apply when things are copied from the browser chrome (address bar) or other locations. So why would pasting then still be dangerous?

I think blindly passing on advice "because $SECURITY" can actually be detrimental to security because you may end up with half a dozen esoteric practices without actually knowing what they defend against. (I know the parent was half-joking, I think that's a more general problem.)

You don't even need JS. In French and in style:

    <p>un paragraphe <span style="font-size: 0;">pas si </span>innocent</p>

So disabling JS won't protect you from those.

Most shells now support a bracketed paste mode. zsh: https://github.com/zsh-users/zsh/commit/98687fa1dec803f041cb..., bash: https://www.gnu.org/software/bash/manual/html_node/Readline-... (enable-bracketed-paste)

iTerm gives you a warning if it thinks you just pasted in something malicious.

I think it gives a warning when you paste something that ends with a `\n`.

I think my zsh does something to detect copy paste (and not execute the command till I press enter), or it could be iTerm, no idea.
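
The zero-size span quoted in the thread, seen from the checking side, as an added example that is not part of the original comments: a small Python audit that separates the text a reader sees from the text a selection would copy. The `HIDING` pattern, the `audit` function and its result keys are assumptions made for this sketch, and the style list is a heuristic, not a complete one.

```python
import re
from html.parser import HTMLParser

# Inline styles that make text invisible yet still selectable.
# Heuristic list assumed for this example; it is not exhaustive.
HIDING = re.compile(r"(?:font-size|opacity)\s*:\s*0(?![.\d])", re.I)
VOID = {"br", "hr", "img", "input", "link", "meta", "wbr"}


class CopyAudit(HTMLParser):
    """Separate the text a reader sees from the text a selection copies."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.hidden_stack = []  # one flag per open element
        self.visible, self.copied, self.hidden = [], [], []

    def handle_starttag(self, tag, attrs):
        if tag in VOID:
            return
        style = dict(attrs).get("style") or ""
        inherited = bool(self.hidden_stack and self.hidden_stack[-1])
        self.hidden_stack.append(inherited or bool(HIDING.search(style)))

    def handle_endtag(self, tag):
        if tag not in VOID and self.hidden_stack:
            self.hidden_stack.pop()

    def handle_data(self, data):
        self.copied.append(data)
        in_hidden = bool(self.hidden_stack and self.hidden_stack[-1])
        (self.hidden if in_hidden else self.visible).append(data)


def audit(html):
    """Return what is displayed, what would be copied, and warning flags."""
    parser = CopyAudit()
    parser.feed(html)
    parser.close()
    copied = "".join(parser.copied)
    return {
        "visible": "".join(parser.visible),
        "copied": copied,
        "hidden": parser.hidden,
        # Without bracketed paste, a pasted newline runs the line at once.
        "has_newline": "\n" in copied,
    }


# The snippet quoted in the thread above.
SAMPLE = '<p>un paragraphe <span style="font-size: 0;">pas si </span>innocent</p>'
```

A non-empty `hidden` list, or `visible` differing from `copied`, means the clipboard will not match what was on screen.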