
The attack mentioned is to change the text when you go to copy it; that will get even people who carefully read every forum post before copying and pasting.

How many people review the snippet, copy, paste it into a text editor, re-review it, copy it, and then paste it into their shell?



Ctrl-X Ctrl-E in bash will open an editor for the current command, which is executed when the editor is exited. After the potential for exploit was publicised a few months ago, I use this every time and it's really not much more effort than just pasting into the shell. As a bonus, it means I don't have to worry about embedded newlines stopping me from tweaking the command before running it.


You can embed \x1b (escape) into a webpage. When you copy-and-paste that, it has the same effect as hitting ESC in the editor. So, I'd just have to make you copy "<evil command>#\x1b:wq\n" to also catch the case that you're using vim instead of directly pasting. However, I can't figure out a way to escape from nano.

(Tested it with the combination chromium+xterm+vim.)
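The two concerns raised above, an embedded ESC byte that drives the editor opened by Ctrl-X Ctrl-E, and a paste that carries more lines than the snippet appeared to, can both be caught by looking at the raw bytes before anything reaches a shell or editor. The function below is an added example and not code from the thread; it reads the candidate text on stdin (for instance piped from a clipboard tool such as xclip or pbpaste, which are assumed to be installed), renders it unambiguously with sed's `l` command so control bytes appear as octal escapes, and returns non-zero when hidden bytes or extra lines are present. The `vet_paste` name and its exit codes are this example's own convention.

```shell
#!/bin/sh
# vet_paste: inspect text destined for a shell or editor before pasting it.
# Reads the candidate text on stdin.  Exit status:
#   0  one printable line, nothing hidden
#   1  bytes outside printable ASCII / tab / newline are present (ESC, CR, ...)
#   2  bytes are clean, but there is more than one line (several commands)
vet_paste() {
    # Capture stdin; the trailing 'x' preserves any final newlines that
    # command substitution would otherwise strip.
    text=$(cat; printf x)
    text=${text%x}

    # Count bytes that are neither printable ASCII nor tab/newline.
    # LC_ALL=C makes [:print:] mean exactly 0x20-0x7e, so UTF-8 sequences
    # (zero-width characters, homoglyphs) are deliberately flagged as well.
    hidden=$(printf '%s' "$text" | LC_ALL=C tr -d '[:print:]\t\n' | wc -c | tr -d ' ')

    # Count lines; a final line without a newline still counts as one.
    lines=$(printf '%s' "$text" | grep -c '' || true)

    # Show the text unambiguously: sed's l command prints control bytes as
    # octal escapes (ESC becomes \033) and marks every line end with '$'.
    printf '%s' "$text" | sed -n l

    if [ "$hidden" -gt 0 ]; then
        echo "REJECT: $hidden hidden control byte(s) present" >&2
        return 1
    fi
    if [ "$lines" -gt 1 ]; then
        echo "WARN: $lines lines; pasting would run more than one command" >&2
        return 2
    fi
    echo "OK: single printable line" >&2
    return 0
}

# Usage (assumes xclip or pbpaste is available to read the clipboard):
#   xclip -o -selection clipboard | vet_paste
#   pbpaste | vet_paste
```

Because the text is only ever printed, never evaluated, a snippet that fails the check costs nothing more than a second look; the octal rendering from `sed -n l` is also what makes a stray `\033:wq` visible at a glance, which is exactly the byte the comment above embeds to escape vim.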


I deem your point good. I didn't realize it entirely.

Still, in all the time I have been running GNU/Linux, I have never pasted a command line from a website into my terminal. This is just reckless. In a borderline case, I first understand what the example is showing me, and then I apply it.



