Add option to expand tabs but not other characters

[dgl]

less -U can be used to see nearly the source text, but this includes tab. There are cases where attacks like Trojan Source are possible via the backspace character, for example:

printf "echo evil #\b\b\b\b\b\bgood\n" > some-file
# compare the two below
less -R some-file # "good"
less -UR some-file # "evil"
sh some-file # "evil"

This works, however:

printf "\techo evil #\b\b\b\b\b\bgood\n" > some-file
less -UR some-file

Tabs look ugly and it's not possible to consider setting -U as a default in git diff and other such views, where source code is displayed.

We can prototype how this would look by creating a tabless like so:

cat > ~/bin/tabless <<'EOF'
#!/bin/sh
expand "$@" | exec less -UR
EOF
chmod +x ~/bin/tabless

# expands tabs, but shows backspaces raw.
tabless some-file

It would be good if tabless could be built into less in some form, i.e. allowing a way to expand tabs, but not allowing "trojan source" type attacks.

[gwsw]

In 9beb3e1 (less-624) you can use the --PROC-BACKSPACE option to display backspaces as ^H while still expanding tabs into spaces.

[dgl]

Thanks, on less-624 something like:
less -FRXU --proc-tab /tmp/some-file

Does as I desire.