mirror of
https://github.com/neovim/neovim.git
synced 2025-10-03 08:28:34 +00:00
vim-patch:9.1.1802: 'nowrap' in a modeline may hide malicious code (#35946)
Problem: 'nowrap' in a modeline may hide malicious code.
Solution: Forcibly use '>' as 'listchars' "extends" if 'nowrap' was set
from a modeline (zeertzjq).
Manual `:setlocal nowrap` disables this behavior. There is a separate
problem with `:set nowrap` that also applies to some other options.
related: vim/vim#18214
related: vim/vim#18399
closes: vim/vim#18425
9d5208a931
Cherry-pick some test_modeline.vim changes from patches 9.0.{0363,0626}.
This commit is contained in:
zeertzjq
5
runtime/lua/vim/_meta/options.lua
generated
5
runtime/lua/vim/_meta/options.lua
generated
@@ -8408,6 +8408,11 @@ vim.go.wiw = vim.go.winwidth
|
||||
--- See 'sidescroll', 'listchars' and `wrap-off`.
|
||||
--- This option can't be set from a `modeline` when the 'diff' option is
|
||||
--- on.
|
||||
--- If 'nowrap' was set from a `modeline` or in the `sandbox`, '>' is used
|
||||
--- as the `lcs-extends` character regardless of the value of the 'list'
|
||||
--- and 'listchars' options. This is to prevent malicious code outside
|
||||
--- the viewport from going unnoticed. Use `:setlocal nowrap` manually
|
||||
--- afterwards to disable this behavior.
|
||||
---
|
||||
--- @type boolean
|
||||
vim.o.wrap = true
|
||||
|
||||
Reference in New Issue
Block a user