On Wed, Aug 20, 2008 at 4:33 AM, Tony Mechelynck wrote:
>
> On 20/08/08 09:47, Jan Minář wrote:
>>
>> The above will of course not work. The following will:
>>
>> /* We use an obscure glibc function -- check out the man page! */
>> clockface =&(xclock)&pwnme (a, b, x + y);
>> /* :vim:iskeyword=a-z,&,),(: */
>
> No error this time, but still says ":!seamonkey clockface" and loads
> http://www.apple.com/
Jan got the exploit right, but formatted his modeline wrong. Try this document:
/* We use an obscure glibc function -- check out the man page! */
clockface = &(xclock)&pwnme (a, b, x + y);
/* vim: set iskeyword=a-z,&,),(: */
Make sure ":verbose set isk?" correctly says
iskeyword=a-z,&,),(
Last set from modeline
place your cursor on 'pwnme', and press K. xclock appears.
> Well, I couldn't reproduce your exploit with the Mozilla SeaMonkey
> 2.0a1pre browser. You can see its UA string in the headers of this post.
The browser being used has nothing to do with the exploit; it's all in
the shell expansions before the browser is launched. In fact, in
cases like this I don't think we should be using the shell at all, for
reasons just like this one. I can see no real argument for why K
ought to behave like:
exe '!' . &kp . ' ' . expand("<cword>")
Is there any reason why we would ever want shell syntax to affect
keyword lookups? I think that K ought to behave more like
execlp(&kp, &kp, expand("<cword>"), (char *)NULL);
Of course, this is muddled C and Vimscript pseudo-code, but you get the idea.
OTOH, :! probably ought to continue using the shell so that you can
do, for instance,
:!ls | grep foo
> Best regards,
> Tony.
~Matt
--~--~---------~--~----~------------~-------~--~----~
You received this message from the "vim_dev" maillist.
For more information, visit http://www.vim.org/maillist.php
-~----------~----~----~----~------~----~------~--~---
