fix: ghost cursor at (0,0) and ESC k title-set payload leak

[diegosouzapw]

Summary

Bundles two renderer/parser fixes for unrelated upstream issues, ported as a single PR because the changes don't touch overlapping files.

coder#122 — Ghost cursor stuck at (0,0)

The renderer skipped redrawing the previous cursor row in two cases:

• when lastCursorPosition.y === cursor.y (cursor moved on the same row)
• when buffer.isRowDirty(lastCursorPosition.y) (relied on the regular dirty pass)

Both shortcuts left a stale cursor glyph at the initial (0,0) position whenever later content moved the cursor on the same row using positional sequences (no cell content changing). Always redrawing the previous cursor row on cursorMoved is a trivial extra-render cost and guarantees the ghost is erased.

coder#153 — ESC k <text> ESC \ leaks payload as visible text

Ghostty WASM (commit 5714ed07) does not consume the GNU screen / tmux title-setting sequence. The parser logs unimplemented ESC action: ESC k and then prints <text> onto the grid plus consumes the trailing ESC \.

Fix: pre-filter input in Terminal.write to strip ESC k … (string and Uint8Array paths) before reaching WASM. OSC 0/1/2 title-set (ESC ] …) is untouched.

Attribution

• Ghost cursor appears at top-left (0,0) on initialization coder/ghostty-web#122: thanks to @mats16 for the precise minified-source diagnosis
• ESC k <text> ESC \ (screen/tmux title sequence) leaks payload as visible text coder/ghostty-web#153: thanks to @Fisher-Wang for the standalone repro

Test plan

• bun run fmt && bun run lint && bun run typecheck
• bun test — 335 tests pass (4 new regression tests for ESC k <text> ESC \ (screen/tmux title sequence) leaks payload as visible text coder/ghostty-web#153 cover ST terminator, BEL terminator, OSC 0 not-stripped, Uint8Array equivalence), 0 fail
• bun run build:lib
• Manual smoke test in bun run dev for Ghost cursor appears at top-left (0,0) on initialization coder/ghostty-web#122 (cursor visual cannot be asserted headless): write text + reposition cursor via \x1b[5;10H and confirm only one cursor visible at the new position

Risk

Low. The coder#122 fix adds at most one extra row-redraw per cursor move (negligible). The coder#153 strip runs a regex on every write payload but only matches in the rare ESC k path; OSC and other sequences pass through untouched.

Related issues observed as also-resolved by prior PRs

Posted as a separate rollup at _tasks/upstream-issues/_rollup-2026-05-23.md (gitignored). Notably coder#126 (line-drawing char gap) is the same root cause as #146a (font metric device-pixel alignment), already shipped in PR #6 — no new code needed.

[gemini-code-assist]

Code Review

This pull request addresses two main issues: a 'ghost cursor' bug and the leaking of 'ESC k' title sequences onto the terminal grid. In lib/renderer.ts, the logic was updated to always redraw the old cursor row when the cursor moves, ensuring the previous glyph is erased. In lib/terminal.ts, a stripUnimplementedTitleSequences method was introduced to filter out title sequences before they reach the WASM parser. Feedback indicates that the filtering logic is stateless and susceptible to failure if sequences are split across data chunks. Additionally, the renderer change introduces redundant draws for horizontal cursor movements, and there is a logic inconsistency between the string and byte-level implementations of the sequence filter.

[gemini-code-assist]

The stripUnimplementedTitleSequences method is stateless and does not handle escape sequences split across multiple write() calls. If a chunk ends mid-sequence, the remainder of the payload will be passed to the WASM terminal as plain text in the next call, leading to the "leak" this PR intends to fix. For a robust solution, this filtering should be integrated into a stateful parser or the WASM parser itself should be updated to handle these sequences.

[gemini-code-assist]

This check for the ST terminator (ESC \) will fail if the sequence is split across chunks such that the ESC is at the end of the current Uint8Array. In this case, the ESC will be incorrectly treated as part of the payload and stripped, and the subsequent \ in the next chunk will be passed to the terminal as literal text, potentially corrupting the output stream.

[gemini-code-assist]

The current logic results in redundant rendering when the cursor moves horizontally on the same row. In this case, cursor.y and this.lastCursorPosition.y are identical. The preceding block (lines 309-315) already ensures the row is rendered if it is not dirty. By removing the row inequality check, this row is now rendered twice in a single frame. Adding a check to ensure the rows are different would be more efficient.

      if (cursorMoved && !forceAll && this.lastCursorPosition.y !== cursor.y) {
        // Redraw the OLD cursor row to erase the previous cursor glyph
        // when the cursor has moved to a different row. If the cursor
        // moved horizontally on the same row, that row is already
        // handled by the redraw logic above or the regular dirty pass.
        const line = buffer.getLine(this.lastCursorPosition.y);
        if (line) {
          this.renderLine(line, this.lastCursorPosition.y, dims.cols);
        }
      }

[gemini-code-assist]

The regex used for string input ([^\x1b\x07]*) will stop at any ESC character, even if it is not followed by a backslash (the ST terminator). In contrast, the Uint8Array implementation (lines 577-589) correctly continues scanning until it finds a valid ST (ESC \) or BEL. This inconsistency means that certain payloads containing internal escape sequences will be handled differently depending on the input type.

Suggested change

	return data.replace(/\x1bk[^\x1b\x07]*(?:\x1b\\|\x07)/g, '');
	return data.replace(/\x1bk.*?(?:\x1b\\|\x07)/gs, '');

[sonarqubecloud]

Quality Gate failed

Failed conditions
47.9% Duplication on New Code (required ≤ 3%)
C Reliability Rating on New Code (required ≥ A)

See analysis details on SonarQube Cloud

Catch issues before they fail your Quality Gate with our IDE extension SonarQube for IDE