Comment 5 for bug 1890286

Jason A. Donenfeld (zx2c4) wrote :

I'm not convinced that really cuts it. Namely, from the diff:

- print(" %s" % (info["description"] or ""))
+ # strip ANSI escape sequences
+ description = re.sub(r"(\x9B|\x1B\[)[0-?]*[ -/]*[@-~]",
+ "", info["description"] or "")
+ print(" %s" % description)

There are sequences that don't get filtered by that. Aside from the usual things like \r or \b, it looks like lists a few codes that defy it too. While that diff above might be the "stackoverflow answer", it doesn't seem complete.

Instead, why not just adopt a whitelist policy? Only allow visible and space characters, or something like that.