On Mon, 12 Jul 2004 09:05:53 -0400, N. Thomas <[EMAIL PROTECTED]> wrote:
> * Jos? de Paula <[EMAIL PROTECTED]> [2004-07-08 23:38:22 -0300]:
> > The nvi manual page says that modelines will never be implemented.
> > Does anyone know the rationale behind this
> Probably because it's a *huge* security risk. Modelines will cause vi to
> read commands from the file. Can you imagine what it could do in the
> wrong hands?
Yes, I can imagine. The last thing we need is macro viruses in a text editor.
However, I believe (please prove me wrong) that restricting the possible
commands on a modeline only to arguments for :set (like vim does) doesn't pose
a security risk.

> Even Vim, preeminent among vi clones, uses only a "stripped down"
> modeline. From the online Vim manual:
>     No other commands than "set" are supported, for security reasons
>     (somebody might create a Trojan horse text file with modelines).
Yep, I saw that; I had this in mind when suggesting modelines for nvi. 
Actually I'm hacking a quick-and-dirty modeline implementation for nvi,
`a la vim (i.e., only accept 'set ' arguments on the modeline). I will post it
somewhere (probably on Usenet, comp.editors) when it is at least compilable.

> Is there something that you want to do with modelines that you can't do
> in nvi?
I can always use nvi -c 'commands', but I think it would be nice  to
have automatic
ts/sw/whatever settings according to the individual file I am editing.
Besides, this is more to increase nvi's compatibility with original vi
than anything else. Think of it as "art for art's sake"; for the
utility, we already have ${FAVORITE_EDITOR}.
[EMAIL PROTECTED] mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to