Allow foldmarker=[[[,]]] and formatoptions; add help doc/securemodelines.txt, add README

.gitignore

@@ -0,0 +1 @@
+doc/tags

README.md

@@ -0,0 +1,18 @@
+# securemodelines
+A secure alternative to Vim modelines
+
+Vim's internal modeline support allows all sorts of annoying and potentially insecure options to be set. This script implements a much more heavily restricted modeline parser that permits only user-specified options to be set. 
+
+The `g:secure_modelines_allowed_items` array contains allowed options.  See `:help securemodelines_options` for default values.
+
+The `g:secure_modelines_verbose` variable, if set to something true, will make the script warn when a modeline attempts to set any other option.
+
+The `g:secure_modelines_modelines` variable overrides the number of lines to check. By default it is 5.
+
+If `g:secure_modelines_leave_modeline` is defined, the script will not clobber &modeline. Otherwise &modeline will be unset.
+
+Keeping things up to date on vim.org is a nuisance. For the latest version, visit: http://github.com/ciaranm/securemodelines
+
+Install into your plugin directory of choice.
+
+vim.org: http://www.vim.org/scripts/script.php?script_id=1876

doc/securemodelines.txt

@@ -0,0 +1,63 @@
+*securemodelines.txt* A secure alternative to Vim modelines
+
+vim.org: http://www.vim.org/scripts/script.php?script_id=1876
+
+For the latest version, visit: http://github.com/ciaranm/securemodelines
+
+Author: Ciaran McCreesh
+
+==============================================================================
+0. Contents                                            *securemodelines-toc*
+
+        1.  Functionality..........................: |securemodelines-plugin|
+        2.  Plugin settings........................: |securemodelines-settings|
+        2.1 Allowed modeline options...............: |securemodelines_options|
+
+==============================================================================
+                                                      *securemodelines-plugin*
+
+1.  Functionality
+
+Vim's internal modeline support allows all sorts of annoying and
+potentially insecure options to be set. This script implements a much
+more heavily restricted modeline parser that permits only user-specified
+options to be set.
+
+                                                    *securemodelines-settings*
+2.  Options
+
+The g:secure_modelines_allowed_items array contains allowed options.
+By default it is set as follows:
+
+                                                     *securemodelines_options*
+let g:secure_modelines_allowed_items = [
+    \ "textwidth",       "tw",
+    \ "softtabstop",     "sts",
+    \ "tabstop",         "ts",
+    \ "shiftwidth",      "sw",
+    \ "expandtab",       "et",        "noexpandtab",    "noet",
+    \ "filetype",        "ft",
+    \ "foldmethod",      "fdm",
+    \ "formatoptions",   "fo",
+    \ "readonly",        "ro",        "noreadonly",     "noro",
+    \ "rightleft",       "rl",        "norightleft",    "norl",
+    \ "cindent",         "cin",       "nocindent",      "nocin",
+    \ "smartindent",     "si",        "nosmartindent",  "nosi",
+    \ "autoindent",      "ai",        "noautoindent",   "noai",
+    \ "spell",           "nospell",
+    \ "spelllang"
+    \ ]
+
+The g:secure_modelines_verbose variable, if set to something true, will
+make the script warn when a modeline attempts to set any other option.
+
+The g:secure_modelines_modelines variable overrides the number of lines
+to check. By default it is 5.
+
+If g:secure_modelines_leave_modeline is defined, the script will not
+clobber &modeline. Otherwise &modeline will be unset.
+
+Install into your plugin directory of choice.
+
+==============================================================================
+vim:tw=78:ts=8:ft=help

plugin/securemodelines.vim

@@ -13,21 +13,23 @@ let g:loaded_securemodelines = 1
 
 if (! exists("g:secure_modelines_allowed_items"))
     let g:secure_modelines_allowed_items = [
-                \ "textwidth",   "tw",
-                \ "softtabstop", "sts",
-                \ "tabstop",     "ts",
-                \ "shiftwidth",  "sw",
-                \ "expandtab",   "et",   "noexpandtab", "noet",
-                \ "filetype",    "ft",
-                \ "foldmethod",  "fdm",
-                \ "readonly",    "ro",   "noreadonly", "noro",
-                \ "rightleft",   "rl",   "norightleft", "norl",
-                \ "cindent",     "cin",  "nocindent", "nocin",
-                \ "smartindent", "si",   "nosmartindent", "nosi",
-                \ "autoindent",  "ai",   "noautoindent", "noai",
-                \ "spell", "nospell",
-                \ "spelllang"
-                \ ]
+        \ "textwidth",       "tw",
+        \ "softtabstop",     "sts",
+        \ "tabstop",         "ts",
+        \ "shiftwidth",      "sw",
+        \ "expandtab",       "et",        "noexpandtab",    "noet",
+        \ "filetype",        "ft",
+        \ "foldmethod",      "fdm",
+        \ "foldmarker",      "fmr",
+        \ "formatoptions",   "fo",
+        \ "readonly",        "ro",        "noreadonly",     "noro",
+        \ "rightleft",       "rl",        "norightleft",    "norl",
+        \ "cindent",         "cin",       "nocindent",      "nocin",
+        \ "smartindent",     "si",        "nosmartindent",  "nosi",
+        \ "autoindent",      "ai",        "noautoindent",   "noai",
+        \ "spell",           "nospell",
+        \ "spelllang"
+        \ ]
 endif
 
 if (! exists("g:secure_modelines_verbose"))
@@ -54,7 +56,7 @@ fun! <SID>IsInList(list, i) abort
 endfun
 
 fun! <SID>DoOne(item) abort
-    let l:matches = matchlist(a:item, '^\([a-z]\+\)\%([-+^]\?=[a-zA-Z0-9_\-,.]\+\)\?$')
+    let l:matches = matchlist(a:item, '^\([a-z]\+\)\%([-+^]\?=[a-zA-Z0-9_\-,.\[\]]\+\)\?$')
     if len(l:matches) > 0
         if <SID>IsInList(g:secure_modelines_allowed_items, l:matches[1])
             exec "setlocal " . a:item