Is it a bug for zsh to run a quarantined script? [closed]

This answer pertains to macOS Monterey 12.0.1.

It is not a bug for zsh to execute a quarantined script. Below explains why I believe this to be true.

The issues raised in the OP's question are to do with the content of the com.apple.quarantine extended attribute and not necesarily to the existence of the attribute itself.

The TextEdit application is adding a com.apple.quarantine extended attribute when saving edited script files. My example script file named bar is shown below.

#!/bin/zsh
echo "hi there"

The content of this com.apple.quarantine extended attribute is given below.

0086;6198914d;TextEdit;

The article Quarantine and the quarantine flag refers to the first for characters (0086) as the quarantine value in hexadecimal. The 6198914d character string is the time at which the extended attribute was attached, in hexadecimal. After some testing, I determined the script will not execute (from the default zsh) with an zsh: operation not permitted: bar message when the 0x0004 bit is set. Otherwise, the script will execute. Since the 0x0004 bit is set in the quarantine value of 0x0086, the script is prevented from executing.

When using Safari to download a file from the internet, a com.apple.quarantine extended attribute is attached to the file. Example content of this com.apple.quarantine extended attribute is given below.

0083;61991274;Safari;773A774E-C8E8-41A4-8EC3-AF0E00656893

Here, the 0x0004 bit is not set in the quarantine value of 0x0083. This com.apple.quarantine extended attribute will not prevent a script from executing.

Regarding the Use of TextEdit

You can open the script in the TextEdit application, if any of the 0xFF40 bits are set. Otherwise, you get the following popup, if the 0x0004 bit is set.

Any other combination results in the following popup.

Of course, I did not try every 65536 possible integers for the quarantine value. Therefore, there may exist exceptions to what I posted above.