On Wed, Aug 20, 2008 at 4:33 AM, Tony Mechelynck wrote: > > On 20/08/08 09:47, Jan Minář wrote: >> >> The above will of course not work. The following will: >> >> /* We use an obscure glibc function -- check out the man page! */ >> clockface =&(xclock)&pwnme (a, b, x + y); >> /* :vim:iskeyword=a-z,&,),(: */ > > No error this time, but still says ":!seamonkey clockface" and loads > http://www.apple.com/
Jan got the exploit right, but formatted his modeline wrong. Try this document: /* We use an obscure glibc function -- check out the man page! */ clockface = &(xclock)&pwnme (a, b, x + y); /* vim: set iskeyword=a-z,&,),(: */ Make sure ":verbose set isk?" correctly says iskeyword=a-z,&,),( Last set from modeline place your cursor on 'pwnme', and press K. xclock appears. > Well, I couldn't reproduce your exploit with the Mozilla SeaMonkey > 2.0a1pre browser. You can see its UA string in the headers of this post. The browser being used has nothing to do with the exploit; it's all in the shell expansions before the browser is launched. In fact, in cases like this I don't think we should be using the shell at all, for reasons just like this one. I can see no real argument for why K ought to behave like: exe '!' . &kp . ' ' . expand("<cword>") Is there any reason why we would ever want shell syntax to affect keyword lookups? I think that K ought to behave more like execlp(&kp, &kp, expand("<cword>"), (char *)NULL); Of course, this is muddled C and Vimscript pseudo-code, but you get the idea. OTOH, :! probably ought to continue using the shell so that you can do, for instance, :!ls | grep foo > Best regards, > Tony. ~Matt --~--~---------~--~----~------------~-------~--~----~ You received this message from the "vim_dev" maillist. For more information, visit http://www.vim.org/maillist.php -~----------~----~----~----~------~----~------~--~---