From: Daniel Stenberg <daniel@haxx.se>
Date: Wed, 16 Dec 2020 22:38:20 +0000 (+0100)
Subject: TODO: Prevent terminal injection when writing to terminal
X-Git-Tag: curl-7_75_0~229
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f25112074d8c501de39f5174b534501b4ce3781f;p=thirdparty%2Fcurl.git

TODO: Prevent terminal injection when writing to terminal

Closes #6150
---

diff --git a/docs/TODO b/docs/TODO
index 2b3117c048..6a9f8cf62c 100644
--- a/docs/TODO
+++ b/docs/TODO
@@ -163,6 +163,7 @@
  18.21 retry on the redirected-to URL
  18.23 Set the modification date on an uploaded file
  18.24 Use multiple parallel transfers for a single download
+ 18.25 Prevent terminal injection when writing to terminal
 
  19. Build
  19.1 roffit
@@ -1170,6 +1171,15 @@ that doesn't exist on the server, just like --ftp-create-dirs.
 
  See https://github.com/curl/curl/issues/5774
 
+18.25 Prevent terminal injection when writing to terminal
+
+ curl could offer an option to make escape sequence either non-functional or
+ avoid cursor moves or similar to reduce the risk of a user getting tricked by
+ clever tricks.
+
+ See https://github.com/curl/curl/issues/6150
+
+
 19. Build
 
 19.1 roffit