Re-assign PR to security WG.

@SteveL-MSFT Sorry if I already said this but I feel we fall in unlimited problems and fixes. I would personally roll back this kind of coloring (it's a far cry from the spirit of PowerShell) and invest in Formatting system enhancement or better in something like PSMore.

@iSazonov PSMore is solving a different problem than PSStyle. The two are not mutually exclusive. ANSI/VT escape sequences are the industry standard way of emitting text decoration and works across ssh, xterm.js, Windows, Linux, macOS, native commands, etc... For PSMore to emit color, it will have to resort to ANSI/VT escape sequences anyways and we would still have this situation. Even if table/list formats don't use ANSI/VT, arbitrary scripts and native commands can and do emit ANSI/VT.

ANSI/VT escape sequences are the industry standard

I don't say about rejecting ESs - they are only implementation details. If we will continue on the way we obviously fall in re-implementing whole Windows Terminal in PowerShell! - there is no other way to ensure full processing of ESs in all scenarios.

arbitrary scripts and native commands can and do emit ANSI/VT.

This is my main frustration because we are provoking users to use ESs when the spirit and idea of PowerShell has always been to do magical things.

PSMore is solving a different problem than PSStyle.

I mentioned PSMore as a way to develop without breaking the existing Formatting System.
This would allow us to find right design and implement it step by step.
I'm sure we need (1) to delegate the details to the console and the terminal and (2) use higher abstractions in the formatting system and even more so in the PowerShell language itself.

Sorry for noisy :-)

@iSazonov I fully agree that the current formatting system needs to be revamped, but again, that's independent of ESC seqs. We can always adopt something like spectre.console and have something like "{red}hello {blue}there", although the benefit of "$($psstyle.foreground.red)hello" is you get tab completion. Anyways, I think this discussion is separate from this PR.

@SteveL-MSFT All you say is about string formatting. My proposal is to follow PowerShell spirit and invest in object formatting first.
String formatting fundamentally leads us to re-implement Windows Terminal in PowerShell.
Object-based formatting works well for years and could be improved for modern terminals (not easy work!). (As part of this problem I proposed Native cmdlet class #13428 which could universally collect all meta data about native command and allow PowerShell engine reliable communicate with the native app (as with regular cmdlet) including smart re-incoding input and output.)

This PR has 8 quantified lines of changes. In general, a change size of upto 200 lines is ideal for the best PR experience!

Label      : Extra Small
Size       : +5 -3
Percentile : 3.2%

Total files changed: 3

Change summary by file extension:
.cs : +4 -2
.ps1 : +1 -1

Was this comment helpful? 👍  :ok_hand:  :thumbsdown: (Email)
Customize PullRequestQuantifier for this repository.

This pull request has been automatically marked as Review Needed because it has been there has not been any activity for 7 days.
Maintainer, please provide feedback and/or mark it as Waiting on Author

@PowerShell/powershell-maintainers Let's get at least one preview release before we approve backport

@SteveL-MSFT Just noticed this PR changed the default OutputRendering back to Host. Is that intentional? I thought we changed it to ANSI for a security issue. Is that security issue resolved after using the new regex for detecting ANSI sequences, so we can change back to Host? /cc @TravisEz13

🎉v7.3.0-preview.4 has been released which incorporates this pull request.:tada:

Handy links:

• Release Notes

@SteveL-MSFT Just noticed this PR changed the default OutputRendering back to Host. Is that intentional? I thought we changed it to ANSI for a security issue. Is that security issue resolved after using the new regex for detecting ANSI sequences, so we can change back to Host? /cc @TravisEz13

daxian, were you able to track down someone to answer this question for you, in another PR/Issue/etc perhaps? I'm curious to the answer myself.

My chat with @TravisEz13 suggested this is an intentional change, and Host will be used as the default unless another vulnerability is found with the regex.

@PowerShell/powershell-maintainers should discuss whether this should be backported.

Maintainers discussed this and have decided to wait until the committee has given a decision on #17455
Potentially backport both the changes to 7.2.x

/backport to release/v7.2.6

Started backporting to release/v7.2.6: https://github.com/PowerShell/PowerShell/actions/runs/2784876485

GitHub

Update regex used to remove ANSI escape sequences to be more specific to decoration and hyperlinks · PowerShell/PowerShell@0e4d2e4

PowerShell for every system! Contribute to PowerShell/PowerShell development by creating an account on GitHub.

🎉v7.2.6 has been released which incorporates this pull request.:tada:

Handy links:

• Release Notes