From 8e425c4e976017c09ed2a9b4402067b3595501cc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Ekl=C3=B6f?= <daniel@ekloef.se>
Date: Tue, 7 Jan 2025 12:58:44 +0100
Subject: [PATCH 1/4] csi: ignore 'CSI 21 t' - report window title

It's not widely used (don't know _any_ application that uses it), and
can be used to trick users to run unwanted commands.
---
 csi.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/csi.c b/csi.c
index 35a39f82..61cbdced 100644
--- a/csi.c
+++ b/csi.c
@@ -1354,10 +1354,14 @@ csi_dispatch(struct terminal *term, uint8_t final)
             }
 
             case 21: {
+#if 0  /* Disabled for now, see #1894 */
                 char reply[3 + strlen(term->window_title) + 2 + 1];
                 int chars = xsnprintf(
                     reply, sizeof(reply), "\033]l%s\033\\", term->window_title);
                 term_to_slave(term, reply, chars);
+#else
+                LOG_WARN("CSI 21 t (report window title) ignored");
+#endif
                 break;
             }
 

From 06a32d553e8d2613e3b4582199a317219f5cfc8b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Ekl=C3=B6f?= <daniel@ekloef.se>
Date: Tue, 7 Jan 2025 13:00:10 +0100
Subject: [PATCH 2/4] osc: ignore 'OSC 176 ?' - report app ID

It's not widely used (don't know _any_ application that uses it), and
can be used to trick users to run unwanted commands.
---
 osc.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/osc.c b/osc.c
index 17639c19..e335dc61 100644
--- a/osc.c
+++ b/osc.c
@@ -1498,6 +1498,7 @@ osc_dispatch(struct terminal *term)
 
     case 176:
         if (string[0] == '?' && string[1] == '\0') {
+#if 0  /* Disabled for now, see #1894 */
             const char *terminator = term->vt.osc.bel ? "\a" : "\033\\";
             char *reply = xasprintf(
                 "\033]176;%s%s",
@@ -1506,6 +1507,9 @@ osc_dispatch(struct terminal *term)
 
             term_to_slave(term, reply, strlen(reply));
             free(reply);
+#else
+            LOG_WARN("OSC-176 app-id query ignored");
+#endif
             break;
         }
 

From d9bd9b7ffaf682e66629839bcfe6a8e668cf0822 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Ekl=C3=B6f?= <daniel@ekloef.se>
Date: Tue, 7 Jan 2025 13:00:38 +0100
Subject: [PATCH 3/4] doc: ctlseqs: remove 'CSI 21 t'

---
 doc/foot-ctlseqs.7.scd | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/doc/foot-ctlseqs.7.scd b/doc/foot-ctlseqs.7.scd
index 60f78d83..f8eb1222 100644
--- a/doc/foot-ctlseqs.7.scd
+++ b/doc/foot-ctlseqs.7.scd
@@ -391,9 +391,6 @@ manipulation sequences. The generic format is:
 |  20
 :  -
 :  Report icon label.
-|  21
-:  -
-:  Report window title.
 |  22
 :  -
 :  Push window title+icon.

From bcc176cdf181b6b3a5b84edea8ce62b5f596b9e7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Ekl=C3=B6f?= <daniel@ekloef.se>
Date: Tue, 7 Jan 2025 13:00:50 +0100
Subject: [PATCH 4/4] changelog: 'CSI 21 t' and 'OSC 176 ?' disabled

---
 CHANGELOG.md | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index f98908fe..bc1d3bc3 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -60,6 +60,13 @@
 ## Unreleased
 ### Added
 ### Changed
+
+* The `CSI 21 t` (report window title) and `OSC 176 ?` (report app-id)
+  escape sequences are now ignored ([#1894][1894]).
+
+[1894]: https://codeberg.org/dnkl/foot/issues/1894
+
+
 ### Deprecated
 ### Removed
 ### Fixed