From 5352f45b70ba9ae21cecfd694b4bc00e2e609183 Mon Sep 17 00:00:00 2001 From: Frank Terbeck Date: Sat, 25 Mar 2017 18:01:32 +0100 Subject: [PATCH] prompt_grml: Add documentation for strip-sensitive-characters --- etc/zsh/zshrc | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/etc/zsh/zshrc b/etc/zsh/zshrc index 4d9b9ad..6b28940 100644 --- a/etc/zsh/zshrc +++ b/etc/zsh/zshrc @@ -2001,6 +2001,19 @@ function prompt_grml_help () { accordingly. Default (left): rc change-root user at host path vcs percent; Default (right): sad-smiley + - strip-sensitive-characters (boolean): If the \`prompt_subst' option + is active in zsh, the shell performs lots of expansions on prompt + variable strings, including command substitution. So if you don't + control where some of your prompt strings is coming from, this is + an exploitable weakness. Grml's zsh setup does not set this option + and it is off in the shell in zsh-mode by default. If it *is* turned + on however, this style becomes active, and there are two flavours of + it: On per default is a global variant in the '*:setup' context. This + strips characters after the whole prompt string was constructed. There + is a second variant in the '*:items:', that is off by default. + It allows fine grained control over which items' data is stripped. + The characters that are stripped are: \$ and \`. + Available styles in 'items:' are: pre, post. These are strings that are inserted before (pre) and after (post) the item in question. Thus, the following would cause the user name to be printed in red instead of the -- 2.1.4