From f25112074d8c501de39f5174b534501b4ce3781f Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Wed, 16 Dec 2020 23:38:20 +0100
Subject: [PATCH] TODO: Prevent terminal injection when writing to terminal

Closes #6150
---
 docs/TODO | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/docs/TODO b/docs/TODO
index 2b3117c048..6a9f8cf62c 100644
--- a/docs/TODO
+++ b/docs/TODO
@@ -163,6 +163,7 @@
  18.21 retry on the redirected-to URL
  18.23 Set the modification date on an uploaded file
  18.24 Use multiple parallel transfers for a single download
+ 18.25 Prevent terminal injection when writing to terminal
 
  19. Build
  19.1 roffit
@@ -1170,6 +1171,15 @@ that doesn't exist on the server, just like --ftp-create-dirs.
 
  See https://github.com/curl/curl/issues/5774
 
+18.25 Prevent terminal injection when writing to terminal
+
+ curl could offer an option to make escape sequence either non-functional or
+ avoid cursor moves or similar to reduce the risk of a user getting tricked by
+ clever tricks.
+
+ See https://github.com/curl/curl/issues/6150
+
+
 19. Build
 
 19.1 roffit