triggers configuration: securely pass capture group

Skip to first unread message

Franklin Yu

Oct 30, 2022, 7:48:14 PM10/30/22
to iterm2-discuss
Hi folks,

This is a question about iTerm2 triggers. I noticed that iTerm2 can be configured to run any command upon a trigger. I would like to pass one of the captured groups as a command argument, but I’m concerned about security here. Do I understand correctly that iTerm2 will assemble the entire string (including string interpolation) before sending it to a shell? In other words, would my-command "\(matches[1])" with insecure matches lead to my machine being compromised?


George Nachman

Nov 1, 2022, 8:47:06 PM11/1/22
I wouldn’t recommend using a trigger like that when your adversary controls the input. You are correct that it could lead to problems.

You received this message because you are subscribed to the Google Groups "iterm2-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
To view this discussion on the web visit
Reply all
Reply to author
0 new messages