urxvt-confirm-paste - Man Page
ask for confirmation before pasting control characters
Description
Displays a confirmation dialog when a paste containing control characters is detected. The user can choose y to either paste a sanitized variant where all control characters are removed, p to paste the string unmodified or n to drop the paste request completely.
This is mostly meant as a defense-in-depth mechanism to protect against the common web browser bug of you selecting some text but the browser pasting a completely different text, which has some attack potential.
It can also be useful to prevent you from accidentally pasting large amounts of text.
Details
If a string containing unicode control characters (specifically U+0000 .. U+001F currrently) is pasted into the terminal, this extension will ask whether it should be pasted. Strings without control characters get pasted without prompt.
When a sanitized version is pasted (choice y), then contiguous sequences of those control characters will be replaced by a single spaces.
The exact detection and sanitization algorithm is subject to change in future versions.