TODO: Prevent terminal injection when writing to terminal

Closes #6150
author: Daniel Stenberg <daniel@haxx.se> 2020-12-16 23:38:20 +0100
committer: Daniel Stenberg <daniel@haxx.se> 2020-12-16 23:38:20 +0100
commit: f25112074d8c501de39f5174b534501b4ce3781f (patch)
tree: 9604a836d18aea9c338fcf3e204ccb110f484e61
parent: d16fb4d0565487ba4c84fd8cc147759f3725a2d6 (diff)
download: curl-f25112074d8c501de39f5174b534501b4ce3781f.tar.gz
1 files changed, 10 insertions, 0 deletions
diff --git a/docs/TODO b/docs/TODO
index 2b3117c04..6a9f8cf62 100644
--- a/docs/TODO
+++ b/docs/TODO
@@ -163,6 +163,7 @@
  18.21 retry on the redirected-to URL
  18.23 Set the modification date on an uploaded file
  18.24 Use multiple parallel transfers for a single download
+ 18.25 Prevent terminal injection when writing to terminal
 
  19. Build
  19.1 roffit
@@ -1170,6 +1171,15 @@ that doesn't exist on the server, just like --ftp-create-dirs.
 
  See https://github.com/curl/curl/issues/5774
 
+18.25 Prevent terminal injection when writing to terminal
+
+ curl could offer an option to make escape sequence either non-functional or
+ avoid cursor moves or similar to reduce the risk of a user getting tricked by
+ clever tricks.
+
+ See https://github.com/curl/curl/issues/6150
+
+
 19. Build
 
 19.1 roffit
author	Daniel Stenberg <daniel@haxx.se>	2020-12-16 23:38:20 +0100
committer	Daniel Stenberg <daniel@haxx.se>	2020-12-16 23:38:20 +0100
commit	f25112074d8c501de39f5174b534501b4ce3781f (patch)
tree	9604a836d18aea9c338fcf3e204ccb110f484e61
parent	d16fb4d0565487ba4c84fd8cc147759f3725a2d6 (diff)
download	curl-f25112074d8c501de39f5174b534501b4ce3781f.tar.gz