This is why I always copy a command into TextEdit (or Notepad on Windows) first, and then re-copy the clean text before pasting into my terminal.
While we are on the topic of copying and pasting. If the command downloads a script, make sure you download the script out-of-step via curl first, review its contents, and only then execute it. This avoids sites maliciously changing the script based on the User Agent.
Note that clever timing could get the "evil text" in your clipboard between checking in a text editor and pasting into the terminal. Hard to time correctly, but not impossible.
At first I thought "I don't do this; it's never seemed necessary", but actually, I think I do. Years of copying to a plain text editor to strip formatting have conditioned the behavior.
Yeah, I started to copy through a text box (usually the Windows Run (Win+R) box, which isn't exactly safe now that I think of it...) to strip formatting some time ago. It's pretty much necessary whenever you want to paste anything into GMail web interface. The web is getting more ridiculous every day...
TextEdit is RTF by default - I wonder if you can include control characters to screw with that? I use Sublime/Atom since those are plaintext by default.
That still relies on the second `curl` fetching the same instructions as the first (an invariant that a really nasty web server wouldn't have to obey). Wouldn't it be better to use a `tee` to make sure that what you read with `less` is exactly what's executed?
I use Quicksilver, and generally paste what I've copied there first. Also lets me strip the formatting, like pasting with Shift + Option + Command + V.
While we are on the topic of copying and pasting. If the command downloads a script, make sure you download the script out-of-step via curl first, review its contents, and only then execute it. This avoids sites maliciously changing the script based on the User Agent.