tag: 1.2
commit 7e9cc0519e371f6d368ede1e6561b8d224f0d4d7
Author: João Távora <[email protected]>
Commit: João Távora <[email protected]>
Fix #154: fix potential security issue fontifying LSP doc
Previously, a server could mistankely or maliciously call *-mode
functions by in the response to a completion or hover request,
specifically in the :documentation field of the response.
Although there are plenty of similar avenues of attack in Emacs, it's
probably a good idea not to let LSP servers decide which functions to
call in an Emacs session running Eglot.
* eglot.el (eglot--format-markup): Call major-mode to fontify
buffer, not some dynamically constructed function name.
(eglot-completion-at-point): Ensure eglot--format-markup runs in
source buffer.
---
eglot.el | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/eglot.el b/eglot.el
index c382c67..f4a02ac 100644
--- a/eglot.el
+++ b/eglot.el
@@ -810,7 +810,7 @@ Doubles as an indicator of snippet support."
(if (stringp markup) (list (string-trim markup)
(intern "gfm-mode"))
(list (plist-get markup :value)
- (intern (concat (plist-get markup :language) "-mode"
))))))
+ major-mode))))
(with-temp-buffer
(ignore-errors (funcall mode))
(insert string) (font-lock-ensure) (buffer-string))))
@@ -1585,11 +1585,13 @@ is not active."
(get-text-property
0 'eglot--lsp-completion obj)
:cancel-on-input t)
- :documentation)))))
- (when documentation
+ :documentation))))
+ (formatted (and documentation
+ (eglot--format-markup documentation))))
+ (when formatted
(with-current-buffer (get-buffer-create " *eglot doc*")
(erase-buffer)
- (insert (eglot--format-markup documentation))
+ (insert formatted)
(current-buffer)))))
:company-prefix-length
(cl-some #'looking-back
