On Tue, Jul 10, 2018 at 7:39 PM, Bram Moolenaar <[email protected]> wrote:
>
> Patch 8.1.0177
> Problem:    Defining function in sandbox is inconsistent, cannot use :function
>             but can define a lambda.
> Solution:   Allow defining a function in the sandbox, but also use the sandbox
>             when executing it. (closes #3182)
> Files:      src/userfunc.c, src/ex_cmds.h

I suppose that something like the attached will have to be included with the next runtime files update then.

Best regards,
Tony.

# HG changeset patch # Parent d01478fa739949772209566738f96bb7aaf4ea7d document patch 8.1.177 diff --git a/runtime/doc/eval.txt b/runtime/doc/eval.txt --- a/runtime/doc/eval.txt +++ b/runtime/doc/eval.txt @@ -11571,17 +11571,17 @@ The 'foldexpr', 'formatexpr', 'includeex 'foldtext' options may be evaluated in a sandbox. This means that you are protected from these expressions having nasty side effects. This gives some safety for when these options are set from a modeline. It is also used when the command from a tags file is executed and for CTRL-R = in the command line. The sandbox is also used for the |:sandbox| command. These items are not allowed in the sandbox: - changing the buffer text - - defining or changing mapping, autocommands, functions, user commands + - defining or changing mapping, autocommands, user commands - setting certain options (see |option-summary|) - setting certain v: variables (see |v:var|) *E794* - executing a shell command - reading or writing a file - jumping to another buffer or editing a file - executing Python, Perl, etc. commands This is not guaranteed 100% secure, but it should block most attacks. @@ -11592,16 +11592,17 @@ This is not guaranteed 100% secure, but *sandbox-option* A few options contain an expression. When this expression is evaluated it may have to be done in the sandbox to avoid a security risk. But the sandbox is restrictive, thus this only happens when the option was set from an insecure location. Insecure in this context are: - sourcing a .vimrc or .exrc in the current directory - while executing in the sandbox +- while in a function defined in the sandbox - value coming from a modeline Note that when in the sandbox and saving an option value and restoring it, the option will still be marked as it was set in the sandbox. ============================================================================== 12. Textlock *textlock*
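Review bot: in the first hunk, dropping "functions" from the item "defining or changing mapping, autocommands, functions, user commands" removes both verbs, while the commit message only speaks of defining a function, and nothing in this list or the paragraph above it now says that a function defined in the sandbox is also executed in the sandbox. Suggest adding a sentence after "The sandbox is also used for the |:sandbox| command." that states this, and saying explicitly whether redefining an already existing function from inside the sandbox is allowed, so that readers do not take the shortened list to mean such functions run unrestricted.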
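Review bot: in the second hunk, the new item "- while in a function defined in the sandbox" under *sandbox-option* does not say whether it covers lambdas, which the commit message names as the case that could already be defined in the sandbox. Suggest spelling that out in the item or in a following sentence, and wording it as "while executing a function defined in the sandbox" so it reads consistently with "while executing in the sandbox" directly above it.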
