I do that regardless because I'm super paranoid about stuff like this but I'm really wondering if I'm not taking it a bit too far. I've also yet to run into any kind of attempt to pull a stunt like this in a very long time of activity so I'm wondering what the actual incidence is.
I generally find it worth it for the simple risk that you may end up breaking stuff without anything malicious on behalf of the site.
E.g. cut and paste a command and get a linebreak in the wrong location and the "rm -rf /var/tmp/foo" turns into "rm -rf /var/". Fun times.
These days I'm more and more often just spinning up temporary containers as well. Not so much for security as to avoid making a mess of my environment with all the stuff I'm testing. So trivial to start out with a "docker run --rm -t -i ubuntu -v /some/suitable/host/dir:/mnt /bin/bash -l" or similar to get a fresh container with a directory I can dump anything I decide I want to keep in.
So is it safe to cut-and-paste that line there ;) ?
I type very fast but if I see a 100+ character line with a whole bunch of flags and what not the chances of introducing a fatality while re-typing it (was that / var or /var?) are quite large.
And of course anything that involves 'rm' or other nice and friendly commands gets an extra eyeball but at some point you have to decide to pull the trigger or not.
