[anonymousnotme]

I have command line program that I use to give me a list of window titles. If there are too many of certain kind (browser windows...), I close some until I get under a certain threshold. Anyway, I was reading the stuff in the articles and well the text in the terminal turned red after I got that list. Some terminal/shell combinations seem better at recovering than others. Firefox (and other browsers that have a similar problem) should sanitize title data. As other have pointed out, perhaps window managers should filter or not allow control/escape characters in the titles.

Just goes to show how important sanitizing data from unknown sources is.

Should curl, w3m, wget and similar sanitize the data? One can argue that some times you want to pipe the raw data and other times one might not be thinking about the escape sequences and get burned. I would be inclined to say that the tools should filter/escape the dangerous stuff and have a flag like "--raw".