Home
|
FAQ
|
Feedback
|
Licence
|
Updates
|
Mirrors
|
Keys
|
Links
|
Team
Download:
Stable
·
Pre-release
·
Snapshot
|
Docs
|
Privacy
|
Changes
|
Wishlist
Some terminal emulators implement an escape sequence that would
function similarly to <a href="...">
: you can use
it to associate a URL with a range of cells of your terminal screen,
in such a way that clicking those cells opens the hyperlink.
The sequence is in the OSC family, namely OSC 8. It's documented in
this 2020
gist from Egmont Koblinger, which says that it's already present
in VTE-derived terminals such as gnome-terminal
.
The PuTTY team's current position is that we don't think this is a good idea.
The gist linked above brushes off any consideration of security by simply saying:
This feature doesn't introduce anything that's not already present while browsing the web. Therefore we believe this feature doesn't have security aspects to worry about.
With respect to the author, this does not convince us. To put it mildly, the web is not the gold standard for security, and “no less secure than a web browser” is not much of a recommendation. In particular, it's commonplace for cautious users to regard their web browser as a less trusted part of the system than their text terminals, and use the terminal to cross-check things seen on the web. For this use, you need the terminal to be considerably more trustworthy than the web.
On the other hand, this system would at least remove one of the UI problems from the more obvious system for URL-launching from a terminal, in which the URL is simply printed on the screen as visible text, and the terminal emulator pattern-recognises it and offers the UI feature of clicking to launch it. One of the problems with that is that it's not possible to recognise reliably where the URL ends and following text begins. An explicit mark via OSC 8 would at least mean the terminal wouldn't need to guess which part of the data stream was the URL and which was not.
(Also, both of these URL-launching systems share a further UI problem, which is how you arrange that URL clickability does not detract from the usability of the existing mouse gestures to copy and paste. This is another case where web browsers fail significantly: often once text is linkified it becomes very hard to paste its literal content. Terminals should do better than that!)
At present, I think the only level of support we'd be prepared to consider for OSC 8 would be a 'passive' form: recognise the escape sequence, store the URL, and deliver it back to the user on demand in some way that shows it in full and lets them examine it in detail to paste into their web browser by hand. That would enable a PuTTY user to work with terminal applications that depended on this feature, without being totally unable to get at the links the application presented, but would provide several safety checks before a URL got as far as the browser. However, that's also a lot of work, so we'll wait to see whether any applications ever turn out to need it.