Bram Moolenaar wrote:
That's pretty nasty. I'll make a patch right away.
Thanks. However, perhaps the modeline concept needs more safety - defence in depth. Perhaps modelines should only allow a VERY limited set of operations by default (even more restricted than now).

Googling for 'vim feedkeys joke' shows "April 1 joke" with the following (I've replaced "vim" with "vvv"):

  vvv: foldmethod=expr:foldexpr=feedkeys( "\\<esc>\\x3a%!cat\\x20-n\\<CR>\\<esc>\\x3a%s/./\:)/g\\<CR> \\<esc>\\x3aq!\\<CR>"):

I'm too lazy to unobfuscate this, but one glance tells you that modelines should not be "fixed" - going down that path is likely to give a new vulnerability every year. Instead, modelines should be SEVERELY limited by default.

Examples:
Total length < 100 bytes.
No expressions; no function calls; no execution.
Treat a double-quoted string as if in single quotes.

Is folding really needed in a default modeline?

John
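The restricted defaults proposed in the message above (length limit, no expressions, no function calls, no execution), sketched as an allowlist filter in Python. This is an added example, not part of the original message and not Vim's code. The option allowlist, the name check_modeline, the simplified modeline grammar and the sample lines are assumptions, and quoted values are rejected outright rather than reinterpreted as single-quoted.

```python
import re

MAX_BYTES = 100  # "Total length < 100 bytes", applied here to the whole line
# Assumed allowlist: options that only take plain literal values.
SAFE_OPTIONS = {
    "tabstop", "ts", "shiftwidth", "sw", "softtabstop", "sts",
    "expandtab", "et", "noexpandtab", "noet", "textwidth", "tw",
    "filetype", "ft", "fileencoding", "fenc",
}
# Simplified match for "vim: opt=val:opt" and "vim: set opt=val opt:" forms.
MODELINE = re.compile(r"(?:^|\s)(?:vi|vim|ex):\s*(?:set?\s+)?(.*)$")
# Literal values only: no quotes, parentheses, backslashes or spaces.
VALUE = re.compile(r"^[A-Za-z0-9_.-]*$")


def check_modeline(line):
    """Return (settings, None) if accepted, else (None, reason)."""
    m = MODELINE.search(line)
    if m is None:
        return None, "not a modeline"
    if len(line.encode("utf-8")) >= MAX_BYTES:
        return None, "too long"
    settings = {}
    for item in re.split(r"[:\s]+", m.group(1).strip(": \t")):
        name, _, value = item.partition("=")
        if name not in SAFE_OPTIONS:  # excludes foldexpr and other expression options
            return None, "option not allowed: " + name
        if not VALUE.match(value):  # excludes calls such as f(x)
            return None, "value is not a plain literal: " + name
        settings[name] = value
    return settings, None


if __name__ == "__main__":
    # Constructed sample lines, not taken from any real file.
    samples = [
        "# vim: set ts=4 sw=4 et:",
        'vim: foldmethod=expr:foldexpr=feedkeys("x"):',
        "vim: ft=a(b):",
        "# vim: ts=4 " + "x" * 100,
    ]
    for s in samples:
        print(check_modeline(s), "<-", s[:50])
```

Because the filter is an allowlist, a newly introduced expression-valued option is rejected without anyone having to anticipate it, which is the property the message asks for instead of per-bug fixes.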