From 7067fe75f0402720c6a05b226d1ff4588c501e50 Mon Sep 17 00:00:00 2001
From: step
Date: Fri, 16 Oct 2015 20:15:26 +0200
Subject: [PATCH 1/8] Create README.md
---
README.md | 34 ++++++++++++++++++++++++++++++++++
1 file changed, 34 insertions(+)
create mode 100644 README.md
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..a26d022
--- /dev/null
+++ b/README.md
@@ -0,0 +1,34 @@
+# securemodelines
+A secure alternative to Vim modelines
+
+vim.org: http://www.vim.org/scripts/script.php?script_id=1876
+
+script type: utility
+
+Vim's internal modeline support allows all sorts of annoying and potentially insecure options to be set. This script implements a much more heavily restricted modeline parser that permits only user-specified options to be set.
+
+The g:secure_modelines_allowed_items array contains allowable options. By default it is set as follows:
+```vim
+ let g:secure_modelines_allowed_items = [
+ \ "textwidth", "tw",
+ \ "softtabstop", "sts",
+ \ "tabstop", "ts",
+ \ "shiftwidth", "sw",
+ \ "expandtab", "et", "noexpandtab", "noet",
+ \ "filetype", "ft",
+ \ "foldmethod", "fdm",
+ \ "readonly", "ro", "noreadonly", "noro",
+ \ "rightleft", "rl", "norightleft", "norl"
+ \ ]
+```
+The `g:secure_modelines_verbose` option, if set to something true, will make the script warn when a modeline attempts to set any other option.
+
+The `g:secure_modelines_modelines` option overrides the number of lines to check. By default it is 5.
+
+If `g:secure_modelines_leave_modeline` is defined, the script will not clobber &modeline. Otherwise &modeline will be unset.
+
+Keeping things up to date on vim.org is a nuisance. For the latest version, visit:
+
+ http://github.com/ciaranm/securemodelines
+
+Install into your plugin directory of choice.
From 96dbdb60862512408c0e47916e390cf81b551930 Mon Sep 17 00:00:00 2001
From: step
Date: Fri, 16 Oct 2015 20:24:31 +0200
Subject: [PATCH 2/8] Create securemodelines.txt
---
doc/securemodelines.txt | 55 +++++++++++++++++++++++++++++++++++++++++
1 file changed, 55 insertions(+)
create mode 100644 doc/securemodelines.txt
diff --git a/doc/securemodelines.txt b/doc/securemodelines.txt
new file mode 100644
index 0000000..27581d7
--- /dev/null
+++ b/doc/securemodelines.txt
@@ -0,0 +1,55 @@
+*securemodelines.txt* A secure alternative to Vim modelines
+
+vim.org: http://www.vim.org/scripts/script.php?script_id=1876
+
+For the latest version, visit: http://github.com/ciaranm/securemodelines
+
+Author: Ciaran McCreesh
+
+==============================================================================
+0. Contents *securemodelines-toc*
+
+ 1. Functionality...........................: |securemodelines-plugin|
+ 2. Options.................................: |securemodelines-options|
+
+==============================================================================
+ *securemodelines-plugin*
+
+1. Functionality
+
+Vim's internal modeline support allows all sorts of annoying and
+potentially insecure options to be set. This script implements a much
+more heavily restricted modeline parser that permits only user-specified
+options to be set.
+
+ *g:securemodelines-options*
+2. Options
+
+The g:secure_modelines_allowed_items array contains allowable options.
+By default it is set as follows:
+
+ let g:secure_modelines_allowed_items = [
+ \ "textwidth", "tw",
+ \ "softtabstop", "sts",
+ \ "tabstop", "ts",
+ \ "shiftwidth", "sw",
+ \ "expandtab", "et", "noexpandtab", "noet",
+ \ "filetype", "ft",
+ \ "foldmethod", "fdm",
+ \ "readonly", "ro", "noreadonly", "noro",
+ \ "rightleft", "rl", "norightleft", "norl"
+ \ ]
+
+The g:secure_modelines_verbose option, if set to something true, will
+make the script warn when a modeline attempts to set any other option.
+
+The g:secure_modelines_modelines option overrides the number of lines to
+check. By default it is 5.
+
+If g:secure_modelines_leave_modeline is defined, the script will not
+clobber &modeline. Otherwise &modeline will be unset.
+
+Install into your plugin directory of choice.
+
+==============================================================================
+vim:tw=78:ts=8:ft=help
From 2e89f4e9f465e152807d9a50085374db12af1429 Mon Sep 17 00:00:00 2001
From: step Date: Fri, 16 Oct 2015 20:27:31 +0200 Subject: [PATCH 3/8] Update README.md --- README.md | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index a26d022..e2d0332 100644 --- a/README.md +++ b/README.md @@ -1,10 +1,6 @@ # securemodelines A secure alternative to Vim modelines -vim.org: http://www.vim.org/scripts/script.php?script_id=1876 - -script type: utility - Vim's internal modeline support allows all sorts of annoying and potentially insecure options to be set. This script implements a much more heavily restricted modeline parser that permits only user-specified options to be set. The g:secure_modelines_allowed_items array contains allowable options. By default it is set as follows: @@ -27,8 +23,6 @@ The `g:secure_modelines_modelines` option overrides the number of lines to check If `g:secure_modelines_leave_modeline` is defined, the script will not clobber &modeline. Otherwise &modeline will be unset. -Keeping things up to date on vim.org is a nuisance. For the latest version, visit: - - http://github.com/ciaranm/securemodelines - Install into your plugin directory of choice. + +vim.org: http://www.vim.org/scripts/script.php?script_id=1876 From 7d4994b38478629fc0c112aa6367adfc0ea17a1a Mon Sep 17 00:00:00 2001 From: step- Date: Sun, 18 Oct 2015 13:00:47 +0200 Subject: [PATCH 4/8] More documentation updates. --- README.md | 28 ++++++++---------------- doc/securemodelines.txt | 47 +++++++++++++++++++++++------------------ 2 files changed, 36 insertions(+), 39 deletions(-) diff --git a/README.md b/README.md index e2d0332..3dd21f4 100644 --- a/README.md +++ b/README.md 
@@ -3,25 +3,15 @@ A secure alternative to Vim modelines Vim's internal modeline support allows all sorts of annoying and potentially insecure options to be set. This script implements a much more heavily restricted modeline parser that permits only user-specified options to be set. -The g:secure_modelines_allowed_items array contains allowable options. By default it is set as follows: -```vim - let g:secure_modelines_allowed_items = [ - \ "textwidth", "tw", - \ "softtabstop", "sts", - \ "tabstop", "ts", - \ "shiftwidth", "sw", - \ "expandtab", "et", "noexpandtab", "noet", - \ "filetype", "ft", - \ "foldmethod", "fdm", - \ "readonly", "ro", "noreadonly", "noro", - \ "rightleft", "rl", "norightleft", "norl" - \ ] -``` -The `g:secure_modelines_verbose` option, if set to something true, will make the script warn when a modeline attempts to set any other option. - -The `g:secure_modelines_modelines` option overrides the number of lines to check. By default it is 5. - -If `g:secure_modelines_leave_modeline` is defined, the script will not clobber &modeline. Otherwise &modeline will be unset. +The `g:secure_modelines_allowed_items` array contains allowed options. See `:help securemodelines_options` for default values. + +The `g:secure_modelines_verbose` variable, if set to something true, will make the script warn when a modeline attempts to set any other option. + +The `g:secure_modelines_modelines` variable overrides the number of lines to check. By default it is 5. + +If `g:secure_modelines_leave_modeline` is defined, the script will not clobber &modeline. Otherwise &modeline will be unset. + +Keeping things up to date on vim.org is a nuisance. For the latest version, visit: http://github.com/ciaranm/securemodelines Install into your plugin directory of choice. diff --git a/doc/securemodelines.txt b/doc/securemodelines.txt index 27581d7..66f6ab3 100644 --- a/doc/securemodelines.txt +++ b/doc/securemodelines.txt 
@@ -9,11 +9,12 @@ Author: Ciaran McCreesh ============================================================================== 0. Contents *securemodelines-toc* - 1. Functionality...........................: |securemodelines-plugin| - 2. Options.................................: |securemodelines-options| + 1. Functionality..........................: |securemodelines-plugin| + 2. Plugin settings........................: |securemodelines-settings| + 2.1 Allowed modeline options...............: |securemodelines_options| ============================================================================== - *securemodelines-plugin* + *securemodelines-plugin* 1. Functionality 
@@ -22,29 +23,35 @@ potentially insecure options to be set. This script implements a much more heavily restricted modeline parser that permits only user-specified options to be set. - *g:securemodelines-options* + *securemodelines-settings* 2. Options -The g:secure_modelines_allowed_items array contains allowable options. +The g:secure_modelines_allowed_items array contains allowed options. By default it is set as follows: - let g:secure_modelines_allowed_items = [ - \ "textwidth", "tw", - \ "softtabstop", "sts", - \ "tabstop", "ts", - \ "shiftwidth", "sw", - \ "expandtab", "et", "noexpandtab", "noet", - \ "filetype", "ft", - \ "foldmethod", "fdm", - \ "readonly", "ro", "noreadonly", "noro", - \ "rightleft", "rl", "norightleft", "norl" - \ ] - -The g:secure_modelines_verbose option, if set to something true, will + *securemodelines_options* + let g:secure_modelines_allowed_items = [ + \ "textwidth", "tw", + \ "softtabstop", "sts", + \ "tabstop", "ts", + \ "shiftwidth", "sw", + \ "expandtab", "et", "noexpandtab", "noet", + \ "filetype", "ft", + \ "foldmethod", "fdm", + \ "readonly", "ro", "noreadonly", "noro", + \ "rightleft", "rl", "norightleft", "norl", + \ "cindent", "cin", "nocindent", "nocin", + \ "smartindent", "si", "nosmartindent", "nosi", + \ "autoindent", "ai", "noautoindent", "noai", + \ "spell", "nospell", + \ "spelllang" + \ ] + +The g:secure_modelines_verbose variable, if set to something true, will make the script warn when a modeline attempts to set any other option. -The g:secure_modelines_modelines option overrides the number of lines to -check. By default it is 5. +The g:secure_modelines_modelines variable overrides the number of lines +to check. By default it is 5. If g:secure_modelines_leave_modeline is defined, the script will not clobber &modeline. Otherwise &modeline will be unset. From 648010e10347c54e174f5bec82d705fd39ac047f Mon Sep 17 00:00:00 2001 
From: step- Date: Sun, 18 Oct 2015 13:26:02 +0200 Subject: [PATCH 5/8] Just re-align some code lines. --- plugin/securemodelines.vim | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/plugin/securemodelines.vim b/plugin/securemodelines.vim index e23429f..5c14b1d 100644 --- a/plugin/securemodelines.vim +++ b/plugin/securemodelines.vim @@ -13,19 +13,19 @@ let g:loaded_securemodelines = 1 if (! exists("g:secure_modelines_allowed_items")) let g:secure_modelines_allowed_items = [ - \ "textwidth", "tw", - \ "softtabstop", "sts", - \ "tabstop", "ts", - \ "shiftwidth", "sw", - \ "expandtab", "et", "noexpandtab", "noet", - \ "filetype", "ft", - \ "foldmethod", "fdm", - \ "readonly", "ro", "noreadonly", "noro", - \ "rightleft", "rl", "norightleft", "norl", - \ "cindent", "cin", "nocindent", "nocin", - \ "smartindent", "si", "nosmartindent", "nosi", - \ "autoindent", "ai", "noautoindent", "noai", - \ "spell", "nospell", + \ "textwidth", "tw", + \ "softtabstop", "sts", + \ "tabstop", "ts", + \ "shiftwidth", "sw", + \ "expandtab", "et", "noexpandtab", "noet", + \ "filetype", "ft", + \ "foldmethod", "fdm", + \ "readonly", "ro", "noreadonly", "noro", + \ "rightleft", "rl", "norightleft", "norl", + \ "cindent", "cin", "nocindent", "nocin", + \ "smartindent", "si", "nosmartindent", "nosi", + \ "autoindent", "ai", "noautoindent", "noai", + \ "spell", "nospell", \ "spelllang" \ ] endif From 74a3f2171583bb23cdf4336c5ecad6488f340548 Mon Sep 17 00:00:00 2001 
From: step- Date: Sun, 18 Oct 2015 13:36:10 +0200 Subject: [PATCH 6/8] Add 'formatoptions', which vim's help file do use. Re-align some text. At this point all options that occur in vim's standard help files are covered except for 'iskeyword' 'isk'. To check which options occur I used: tail -qn1 /usr/share/vim/vim74/doc/*.txt | awk -v RS=: '{o[$0]=$0}END{for(k in o)print k}'|sort -u --- doc/securemodelines.txt | 33 +++++++++++++++++---------------- plugin/securemodelines.vim | 31 ++++++++++++++++--------------- 2 files changed, 33 insertions(+), 31 deletions(-) diff --git a/doc/securemodelines.txt b/doc/securemodelines.txt index 66f6ab3..1b91f98 100644 --- a/doc/securemodelines.txt +++ b/doc/securemodelines.txt 
@@ -30,22 +30,23 @@ The g:secure_modelines_allowed_items array contains allowed options. By default it is set as follows: *securemodelines_options* - let g:secure_modelines_allowed_items = [ - \ "textwidth", "tw", - \ "softtabstop", "sts", - \ "tabstop", "ts", - \ "shiftwidth", "sw", - \ "expandtab", "et", "noexpandtab", "noet", - \ "filetype", "ft", - \ "foldmethod", "fdm", - \ "readonly", "ro", "noreadonly", "noro", - \ "rightleft", "rl", "norightleft", "norl", - \ "cindent", "cin", "nocindent", "nocin", - \ "smartindent", "si", "nosmartindent", "nosi", - \ "autoindent", "ai", "noautoindent", "noai", - \ "spell", "nospell", - \ "spelllang" - \ ] +let g:secure_modelines_allowed_items = [ + \ "textwidth", "tw", + \ "softtabstop", "sts", + \ "tabstop", "ts", + \ "shiftwidth", "sw", + \ "expandtab", "et", "noexpandtab", "noet", + \ "filetype", "ft", + \ "foldmethod", "fdm", + \ "formatoptions", "fo", + \ "readonly", "ro", "noreadonly", "noro", + \ "rightleft", "rl", "norightleft", "norl", + \ "cindent", "cin", "nocindent", "nocin", + \ "smartindent", "si", "nosmartindent", "nosi", + \ "autoindent", "ai", "noautoindent", "noai", + \ "spell", "nospell", + \ "spelllang" + \ ] The g:secure_modelines_verbose variable, if set to something true, will make the script warn when a modeline attempts to set any other option. diff --git a/plugin/securemodelines.vim b/plugin/securemodelines.vim index 5c14b1d..fdbf018 100644 --- a/plugin/securemodelines.vim +++ b/plugin/securemodelines.vim 
@@ -13,21 +13,22 @@ let g:loaded_securemodelines = 1 if (! exists("g:secure_modelines_allowed_items")) let g:secure_modelines_allowed_items = [ - \ "textwidth", "tw", - \ "softtabstop", "sts", - \ "tabstop", "ts", - \ "shiftwidth", "sw", - \ "expandtab", "et", "noexpandtab", "noet", - \ "filetype", "ft", - \ "foldmethod", "fdm", - \ "readonly", "ro", "noreadonly", "noro", - \ "rightleft", "rl", "norightleft", "norl", - \ "cindent", "cin", "nocindent", "nocin", - \ "smartindent", "si", "nosmartindent", "nosi", - \ "autoindent", "ai", "noautoindent", "noai", - \ "spell", "nospell", - \ "spelllang" - \ ] + \ "textwidth", "tw", + \ "softtabstop", "sts", + \ "tabstop", "ts", + \ "shiftwidth", "sw", + \ "expandtab", "et", "noexpandtab", "noet", + \ "filetype", "ft", + \ "foldmethod", "fdm", + \ "formatoptions", "fo", + \ "readonly", "ro", "noreadonly", "noro", + \ "rightleft", "rl", "norightleft", "norl", + \ "cindent", "cin", "nocindent", "nocin", + \ "smartindent", "si", "nosmartindent", "nosi", + \ "autoindent", "ai", "noautoindent", "noai", + \ "spell", "nospell", + \ "spelllang" + \ ] endif if (! exists("g:secure_modelines_verbose")) From 6624517e6b540c12ce14dbcadce6b5e9233a1c24 Mon Sep 17 00:00:00 2001 From: step- Date: Fri, 15 Jan 2016 17:57:27 +0100 Subject: [PATCH 7/8] Add .gitignore --- .gitignore | 1 + 1 file changed, 1 insertion(+) create mode 100644 .gitignore diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..926ccaa --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +doc/tags From 2ca297d66beb5ff249cc71c457b53fc5b01ee5b9 Mon Sep 17 00:00:00 2001 From: step- Date: Fri, 15 Jan 2016 18:45:45 +0100 Subject: [PATCH 8/8] Allow 'foldmarker=[[[,]]]' --- plugin/securemodelines.vim | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/plugin/securemodelines.vim b/plugin/securemodelines.vim index fdbf018..facef43 100644 --- a/plugin/securemodelines.vim +++ b/plugin/securemodelines.vim 
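Review bot: The default allowlist is the plugin's security boundary, yet the new `\ "formatoptions", "fo",` entry arrives in the middle of a full re-alignment of the list, so the one functional line is easy to miss in review. Keeping whitespace-only changes in their own commit, as the previous patch did, would make allowlist growth stand out. The list also carries no in-file statement of what qualifies an option for inclusion. I would add a comment above `let g:secure_modelines_allowed_items = [` along the lines of `" Only options whose values Vim never evaluates as a command or expression belong in this list.`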
@@ -20,6 +20,7 @@ if (! exists("g:secure_modelines_allowed_items")) \ "expandtab", "et", "noexpandtab", "noet", \ "filetype", "ft", \ "foldmethod", "fdm", + \ "foldmarker", "fmr", \ "formatoptions", "fo", \ "readonly", "ro", "noreadonly", "noro", \ "rightleft", "rl", "norightleft", "norl", @@ -55,7 +56,7 @@ fun! IsInList(list, i) abort endfun fun! DoOne(item) abort - let l:matches = matchlist(a:item, '^\([a-z]\+\)\%([-+^]\?=[a-zA-Z0-9_\-,.]\+\)\?$') + let l:matches = matchlist(a:item, '^\([a-z]\+\)\%([-+^]\?=[a-zA-Z0-9_\-,.\[\]]\+\)\?$') if len(l:matches) > 0 if IsInList(g:secure_modelines_allowed_items, l:matches[1]) exec "setlocal " . a:item
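Review bot: The documented default list is left out of sync by the new `\ "foldmarker", "fmr",` entry, because this commit's diffstat lists only plugin/securemodelines.vim and doc/securemodelines.txt is not touched. The README refers readers to `:help securemodelines_options` for the default values, so a user auditing what a modeline may set would not see `foldmarker` there. Add the same line `\ "foldmarker", "fmr",` after the foldmethod entry in the help file's list. The enclosing `if` block starts and ends outside this hunk.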
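Review bot: The widened value class `[a-zA-Z0-9_\-,.\[\]]` in the `matchlist` call applies to every option on the allowlist, not only `foldmarker`, and whatever it accepts is passed straight to `exec "setlocal " . a:item`. Brackets do not appear to have special meaning to `:setlocal`, so this looks safe as written, but the pattern is the only check ahead of `exec` and nothing in the code records why each character is admitted. I would add a comment above the `matchlist` line such as `" '[' and ']' are accepted for foldmarker=[[[,]]]; never admit '|', whitespace or backslash here.` If more characters are needed later, validating the value per option would be safer than growing the shared class. DoOne's body continues outside the hunk.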