To view our proof of concept, try running this (it's relatively harmless):
This example makes your terminal ding if supported, and garbles any further input or output in that terminal session, without making any permanent changes. Exit the session to reset it.
When cUrl fetches a website, it prints the raw contents to standard output, including ASCII escape characters.
When a terminal emulator comes across an ASCII escape character, it does what the escape sequence tells it to do.
This allows us to make your terminal go "ding", garble all text output from your terminal and hide things like malicious code.
cat -v escapes escape characters, so running
curl -s https://dont-curl.me | cat -v will allow you to see the script without it messing up your terminal.
Be wary of anything printing raw output to your terminal. You can use
less to view files without being affected by ASCII escape codes.
We were inspired by this blog post to make a proof of concept about how ANSI escape can be harmful.