-
Bug
-
Resolution: Works As Intended
-
None
-
1.8.0
-
None
-
Confirmed
-
Windows
-
165827
The issue
When a command is pasted into chat, the command is instantly executed if it contains a newline, with no chance for the user to look at or edit it. This applies to regular chat messages, but is particularly harmful for commands.
A malicious application could send a command such as /kill @e or something equally harmful to the clipboard and instruct the player to paste it into chat. Normally that would not be a problem because the user would instantly recognize the command is not what they expect. However, if the command ends with (or otherwise contains) a newline, the command is evaluated immediately. The user would not be aware anything had gone wrong until it was too late.
How to reproduce
Copy the following to your clipboard, then paste it in-game in chat:
/say This could have been a more dangerous command!