[Joker_vD]

There is also another escape sequence, OSC 1337, apparently already implemented in iTerm2 [0], which makes iTerm2 open the URL instead of printing it:

    The hypothetical new control code is different because it does not display a hyperlink; it directly opens the link using the appropriate system URL handler.

[0] https://gitlab.com/gnachman/iterm2/-/issues/10994

[lmz]

The commit linked there checks host only and not protocol for "always allow". I wonder if that's going to be a problem with some of the more interesting protocols.

[vin10]

It is guarded by a warning and requires explicit approval similar to browsers but yes, it does broaden the attack surface: https://gitlab.com/gnachman/iterm2/-/commit/fc9ae5c90f53cb1e...

[xvector]

iTerm2 has definitely not been designed with security in mind.

It has a massive and rapidly growing attack surface and quite a bit of feature bloat (literally hundreds of "features") - I would not recommend using it over Terminal for anyone security minded.