A GPU-accelerated cross-platform terminal emulator and multiplexer written by @wez and implemented in Rust
Jeff Quast 577474d89e
Prevent "screen scraping", disable DECRQCRA (#7701)
* Security fix: prevent screen scraping

Problem
-------

DECRQCRA was added in 6cbb3ba43, for 9702d1cf5 (esctest integration) Sunday, March 17 2019.  Six days later, March 23 2019, although esctest was removed in c93f967bc, DECRQCRA remained enabled by default for all WezTerm releases since.

March 2023, @j4james mentioned WezTerm has this option enabled by default https://github.com/microsoft/terminal/issues/14974, "some people consider it a security risk"

September 2023, https://dgl.cx/2023/09/ansi-terminal-security#cursor-checksum article writes, "using DECRQCRA [..] potential attack here is reading what is displayed on the terminal before a user SSHes to a remote system."

By switching to "alternate screen", it is also possible to recover the last TUI display, such as the contents of the file last opened in an editor.

Example CLI script scrapes screens '0' and '1' of WezTerm, https://github.com/jquast/blessed/blob/master/bin/screen-scrape.py

Solution
--------

Disable https://vt100.net/docs/vt510-rm/DECRQCRA.html by default, may be re-enabled by configuration.

---

Refs: https://github.com/wezterm/wezterm/pull/7701

Co-authored-by: Wez Furlong <wez@wezfurlong.org>
2026-03-31 04:00:28 -07:00

Wez's Terminal

A GPU-accelerated cross-platform terminal emulator and multiplexer written by @wez and implemented in Rust

User facing docs and guide at: https://wezterm.org/

Screenshot

Screenshot of wezterm on macOS, running vim

Installation

https://wezterm.org/installation

Getting help

This is a spare time project, so please bear with me. There are a couple of channels for support:

  • You can use the GitHub issue tracker to see if someone else has a similar issue, or to file a new one.
  • Start or join a thread in our GitHub Discussions; if you have general questions or want to chat with other wezterm users, you're welcome here!
  • There is a Matrix room via Element.io for (potentially!) real time discussions.

The GitHub Discussions and Element/Gitter rooms are better suited for questions than bug reports, but don't be afraid to use whichever you are most comfortable using and we'll work it out.

Supporting the Project

If you use and like WezTerm, please consider sponsoring it: your support helps to cover the fees required to maintain the project and to validate the time spent working on it!

Read more about sponsoring.