Intro
This is just an informative post (so no new project), it will help you see why you should never copy-paste from a website into your terminal directly.
Debugging
Usually, when we debug we don't think twice about the site’s credibility we are so focused on solving the problem we are blind to any harm that can happen to us and our machine.
So we just copy-paste anything that we see, mostly when we just have to work with an IDE its not much of a problem, but if the issue needs us to copy-paste something on the terminal that’s when things get risky and we need to be more careful.
Some Examples
The thing is that the browser actually lets the devs listen to copy events and even change the content after the copying is done so usually this feature is exploited to harm people.
Please next time you copy something check the source or test it beforehand on a notepad or smth.
Now imagine instead of nope actually not dumbass
I could have written a reverse shell command and would've had a backdoor on your PC and the freedom to access your PC remotely at any time I want.
The scary thing is you don’t even need to press enter the attacker can just add \n
a trailing newline and immediately when you paste it will enter automatically.
Here is the JavaScript that makes this all happen please don't misuse it I'm sharing it just for educational purposes.
document.getElementById('test').addEventListener(
'copy', function(e){
e.clipboardData.setData('text/plain',
'nope actually not dumbass'
);
e.preventDefault();
})
You can check it out for yourself just copy the code below (at ur own risk!) ↓
$ this is totally safe
Conclusion
Take your time debugging, don’t copy-paste from random shitty sites, and stay safe! idc if u don’t now go shoo