patch 9.1.1802: 'nowrap' in a modeline may hide malicious code
Problem: 'nowrap' in a modeline may hide malicious code. Solution: Forcibly use '>' as 'listchars' "extends" if 'nowrap' was set from a modeline (zeertzjq). Manual `:setlocal nowrap` disables this behavior. There is a separate problem with `:set nowrap` that also applies to some other options. related: #18214 related: #18399 closes: #18425 Signed-off-by: zeertzjq <zeertzjq@outlook.com> Signed-off-by: Christian Brabandt <cb@256bit.org>
This commit is contained in:
committed by
Christian Brabandt
parent
ad43d2639d
commit
9d5208a931
@ -1,4 +1,4 @@
|
||||
*options.txt* For Vim version 9.1. Last change: 2025 Sep 26
|
||||
*options.txt* For Vim version 9.1. Last change: 2025 Sep 28
|
||||
|
||||
|
||||
VIM REFERENCE MANUAL by Bram Moolenaar
|
||||
@ -10259,6 +10259,11 @@ A jump table for the options with a short description can be found at |Q_op|.
|
||||
< See 'sidescroll', 'listchars' and |wrap-off|.
|
||||
This option can't be set from a |modeline| when the 'diff' option is
|
||||
on.
|
||||
If 'nowrap' was set from a |modeline| or in the |sandbox|, '>' is used
|
||||
as the |lcs-extends| character regardless of the value of the 'list'
|
||||
and 'listchars' options. This is to prevent malicious code outside
|
||||
the viewport from going unnoticed. Use `:setlocal nowrap` manually
|
||||
afterwards to disable this behavior.
|
||||
|
||||
*'wrapmargin'* *'wm'*
|
||||
'wrapmargin' 'wm' number (default 0)
|
||||
|
@ -1,4 +1,4 @@
|
||||
*version9.txt* For Vim version 9.1. Last change: 2025 Sep 26
|
||||
*version9.txt* For Vim version 9.1. Last change: 2025 Sep 28
|
||||
|
||||
|
||||
VIM REFERENCE MANUAL by Bram Moolenaar
|
||||
@ -41710,6 +41710,9 @@ Options: ~
|
||||
- 'rulerformat' now supports the |stl-%!| item
|
||||
- use 'smoothscroll' logic for CTRL-F / CTRL-B for pagewise scrolling
|
||||
and CTRL-D / CTRL-U for half-pagewise scrolling
|
||||
- Setting 'nowrap' in a modeline could cause long lines to be hidden
|
||||
off-screen. To make this visible, the listchars "extend" suboption is set
|
||||
to ">" by default, indicating text that extends beyond the window width.
|
||||
|
||||
Ex commands: ~
|
||||
- allow to specify a priority when defining a new sign |:sign-define|
|
||||
|
Reference in New Issue
Block a user