What are your thoughts on how to prevent the entire class of vulnerability from being able to happen again?


Be paranoid about what you send. It’s really clear that any time you output attacker-controlled values it can be exploited. I went through several iterations of adding escaping and every one had vulnerabilities. It wasn’t good until the only escaping that remained was very conservative (hex encoded).


I haven't had enough time to truly grasp the changes in the patch, but the use of a prefix, and a well known encoding scheme sounds a bit iffy to me.

What's stopping an attacker from looking at the definitions here: https://github.com/gnachman/iTerm2/commit/538d570ea54614d3a2... and using the same `NSUTF8StringEncoding` to build the same attacks?

EDIT: Of course GitHub doesn't follow fragment ids when they are part of a large diff, but you can open up `sources/TmuxController.m` yourself.


Not sure what you mean by NSUTF8StringEncoding. The important fact about encoding is that -encodedString:prefix: limits the output that iTerm2 produces to a very small set of characters from which it's hard to build an exploit.
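The point made in the two comments above (a naive escaper keeps adding special cases, while a hex encoder with a fixed prefix emits only a closed alphabet) as an added illustration in Python; this is not iTerm2's code and only models the idea behind -encodedString:prefix:, with the prefix "x", the helper names and the sample value all being assumptions.

```python
# Added example: why a conservative hex encoding is easier to reason about
# than incremental escaping. Not the project's code; names are hypothetical.

# The only characters the conservative encoder may emit after its prefix.
HEX_ALPHABET = set("0123456789abcdef")

def naive_escape(value: str) -> str:
    """A typical first attempt: escape backslashes and double quotes.
    Newlines, semicolons and ESC (0x1b) pass through untouched, so the
    set of characters that can reach the other side is still unbounded."""
    return value.replace("\\", "\\\\").replace('"', '\\"')

def hex_encode(value: str, prefix: str = "x") -> str:
    """Conservative encoding: each byte of the UTF-8 form becomes two
    lowercase hex digits. The output is prefix + hex digits, nothing else,
    no matter what the input contains."""
    return prefix + value.encode("utf-8").hex()

def hex_decode(encoded: str, prefix: str = "x") -> str:
    """Inverse of hex_encode; rejects input that lacks the agreed prefix."""
    if not encoded.startswith(prefix):
        raise ValueError("missing prefix")
    return bytes.fromhex(encoded[len(prefix):]).decode("utf-8")

def output_is_conservative(encoded: str, prefix: str = "x") -> bool:
    """The check a unit test would make: the emitted string is the prefix
    followed only by characters from the closed alphabet."""
    if not encoded.startswith(prefix):
        return False
    return all(c in HEX_ALPHABET for c in encoded[len(prefix):])

def has_control_chars(s: str) -> bool:
    """True if any C0 control character (ESC, newline, ...) survives."""
    return any(ord(c) < 0x20 for c in s)

# Constructed sample: a quote, a semicolon, a newline, ESC and a non-ASCII char.
SAMPLE = 'name" ; \n\x1bé'

def compare() -> dict:
    """Summarise how the two strategies handle the constructed sample."""
    naive = naive_escape(SAMPLE)
    hexed = hex_encode(SAMPLE)
    return {
        "naive_leaks_control_chars": has_control_chars(naive),
        "hex_output_is_conservative": output_is_conservative(hexed),
        "hex_round_trips": hex_decode(hexed) == SAMPLE,
    }

if __name__ == "__main__":
    print(compare())
```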



