John Beckett wrote:
> Bram Moolenaar wrote:
> > That's pretty nasty. I'll make a patch right away.
>
> Thanks. However, perhaps the modeline concept needs
> more safety - defence in depth.
>
> Perhaps modelines should only allow a VERY limited set
> of operations by default (even more restricted than now).

Sure, simply use ":set nomodeline". Even setting 'textwidth' to 2 may
already be considered harmful, or at least annoying.

> Googling for 'vim feedkeys joke' shows "April 1 joke" with
> the following (I've replaced "vim" with "vvv"):
>
> vvv: foldmethod=expr:foldexpr=feedkeys(
> "\\<esc>\\x3a%!cat\\x20-n\\<CR>\\<esc>\\x3a%s/./\:)/g\\<CR>
> \\<esc>\\x3aq!\\<CR>"):
>
> I'm too lazy to unobfuscate this, but one glance tells you
> that modelines should not be "fixed" - going down that path
> is likely to give a new vulnerability every year.
>
> Instead, modelines should be SEVERELY limited by default.
> Examples:
> Total length < 100 bytes.
> No expressions; no function calls; no execution.
> Treat a double-quoted string as if in single quotes.
> Is folding really needed in a default modeline?

Modelines are already limited. You can't put commands there (like some
old versions of vi did). Options with an expression are a border case.
They are executed in the sandbox when an option was set from the
modeline.

Perhaps we can add yet-another-option to completely disable setting some
options from the modeline. But I think it won't help much; most users
won't take the time or even know about the option. It's better to make
sure the sandbox works as it should.

--
How To Keep A Healthy Level Of Insanity:
11. Specify that your drive-through order is "to go".

 /// Bram Moolenaar -- [EMAIL PROTECTED] -- http://www.Moolenaar.net   \\\
///        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\        download, build and distribute -- http://www.A-A-P.org        ///
 \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///
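The reply above draws the line at options that take an expression: a modeline cannot carry Ex commands, but it can set 'foldexpr' and friends, and those are evaluated (in the sandbox) when the file is opened. For anyone who cannot simply run ":set nomodeline" everywhere and wants to audit files from an untrusted source before opening them, the following scanner is an added example; it is not Vim's code and not part of the thread. It parses both modeline forms the way Vim does (the "set" form ends at the first unescaped ':', the other form uses ':' or whitespace as a separator, and '\:' is a literal colon), looks only at the first and last five lines as Vim's default 'modelines' window does, and reports any expression option being set. The list of expression options and the sample file are assumptions constructed for the example; the list is deliberately short and not exhaustive.

```python
import re
from typing import List, Tuple

# Options Vim evaluates as an expression. When they come from a modeline, Vim
# runs them in the sandbox, which is the boundary the thread is about.
# Assumption for this example: a small, non-exhaustive set (long and short names).
EXPR_OPTIONS = {
    "foldexpr": "fde", "foldtext": "fdt", "includeexpr": "inex",
    "indentexpr": "inde", "formatexpr": "fex",
}
EXPR_NAMES = set(EXPR_OPTIONS) | set(EXPR_OPTIONS.values())

# "vi:", "vim:", "Vim:", "ex:" and the versioned "vim<700:" / "vim=700:" /
# "vim>700:" prefixes, preceded by start of line or whitespace.
MODELINE_RE = re.compile(r"(?:^|(?<=\s))(?:vi|[vV]im(?:[<=>]?\d+)?|ex):\s*")
OPTION_RE = re.compile(r"^(?:no|inv)?([A-Za-z]+)")
VALUE_RE = re.compile(r"^[+^-]?[=:](.*)$")


def _split(body: str, set_form: bool) -> List[str]:
    """Split the option part of a modeline the way Vim does: whitespace
    separates options; an unescaped ':' also separates them (second form)
    or ends the modeline (set form); '\\:' is a literal colon."""
    opts, cur, i = [], [], 0
    while i < len(body):
        c = body[i]
        if c == "\\" and i + 1 < len(body) and body[i + 1] == ":":
            cur.append(":")          # backslash-escaped colon stays in the value
            i += 2
            continue
        if c == ":":
            if set_form:
                break                # "vim: set ...:" ends here, rest is text
            opts.append("".join(cur))
            cur = []
        elif c.isspace():
            opts.append("".join(cur))
            cur = []
        else:
            cur.append(c)
        i += 1
    opts.append("".join(cur))
    return [o for o in opts if o]


def parse_modeline(line: str) -> List[str]:
    """Return the option tokens of a modeline, or [] if the line has none."""
    m = MODELINE_RE.search(line)
    if not m:
        return []
    body = line[m.end():]
    sm = re.match(r"se(?:t)?\s", body)   # "set " or "se " selects the set form
    if sm:
        return _split(body[sm.end():], set_form=True)
    return _split(body, set_form=False)


def scan(text: str, modelines: int = 5) -> List[Tuple[int, str, str]]:
    """Check the first and last `modelines` lines (Vim's default window) and
    return (line number, option name, value) for every expression option set."""
    lines = text.splitlines()
    n = len(lines)
    window = sorted(set(range(min(modelines, n))) | set(range(max(0, n - modelines), n)))
    findings = []
    for idx in window:
        for tok in parse_modeline(lines[idx]):
            m = OPTION_RE.match(tok)
            if not m or m.group(1) not in EXPR_NAMES:
                continue
            rest = tok[m.end():]
            vm = VALUE_RE.match(rest)
            findings.append((idx + 1, m.group(1), vm.group(1) if vm else rest))
    return findings


# Constructed sample file (not the joke from the thread): a harmless set-form
# modeline at the top, a second-form modeline at the bottom that sets an
# expression option (with an escaped colon in v\:lnum), and a look-alike in
# the middle that Vim never reads because it is outside the 'modelines' window.
SAMPLE = "\n".join([
    "/* vim: set ts=4 sw=4 noet: */",
    "int main(void) { return 0; }",
    "", "", "", "",
    "// vim: foldexpr=Hidden() (too deep in the file to count)",
    "", "", "", "", "",
    "// vim:fdm=expr:fde=SomeFunc(v\\:lnum):fdl=0",
])

if __name__ == "__main__":
    for lineno, name, value in scan(SAMPLE):
        print(f"line {lineno}: modeline sets expression option '{name}' = {value}")
```

A hit means the file will cause an expression to be evaluated on open, which is exactly the case the reply says should stay confined to the sandbox; the conservative response is to open such files with ":set nomodeline" or strip the modeline first. The scanner reports the option, not whether the expression is malicious, because deciding that is the sandbox's job, not a regex's.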