PublicArchive/vim
2
0
Fork 0
mirror of https://github.com/vim/vim.git synced 2026-05-06 12:26:58 -04:00
Code Issues Packages Projects Releases Wiki Activity

runtime(doc): clarify that viminfo file should be trusted

Browse Source 
Signed-off-by: Christian Brabandt <cb@256bit.org>
This commit is contained in:
Christian Brabandt
2026-04-29 21:17:11 +00:00
parent 77499e009a
commit e7e35b9e38
2 changed files with 27 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
runtime/doc/options.txt
+8
View File
@@ -10041,6 +10041,14 @@ A jump table for the options with a short description can be found at |Q_op|.
letter. Thus "KEEPTHIS and "K_L_M" are stored, but "KeepThis"
and "_K_L_M" are not. Nested List and Dict items may not be
read back correctly, you end up with an empty item.
Restoring |List|, |Dictionary| and |Tuple| variables is done by
parsing their textual form with the Vim expression evaluator.
Reading a viminfo file with "!" enabled is therefore only safe
when the file is trusted. In particular, do not enable "!"
before reading a viminfo file you obtained from another user,
downloaded, or that is writable by another account. See
also |viminfo-security|.
*viminfo-quote*
" Maximum number of lines saved for each register. Old name of
the '<' item, with the disadvantage that you need to put a
runtime/doc/starting.txt
+19 -1
View File
@@ -1,4 +1,4 @@
*starting.txt* For Vim version 9.2. Last change: 2026 Mar 17
*starting.txt* For Vim version 9.2. Last change: 2026 Apr 29
VIM REFERENCE MANUAL by Bram Moolenaar
@@ -1573,6 +1573,24 @@ Session. You could have several Session files, one for each project you are
working on. Viminfo and Session files together can be used to effectively
enter Vim and directly start working in your desired setup. |session-file|
*viminfo-security*
A viminfo file written by Vim is plain text and contains Vim expressions for
|List|, |Dictionary| and |Tuple| values. When "!" is in 'viminfo' at the time
Vim processes the file as a viminfo file, those expressions are evaluated.
The default value of 'viminfo' does not include "!", so by default no
expression evaluation happens.
Opening a viminfo file in a buffer (e.g. with |:edit|) is harmless; Vim only
displays the file contents. The risk is letting Vim process an untrusted file
through the viminfo machinery, which happens when:
- |:rviminfo| is used on the file, or
- 'viminfofile' is set to point at it, or
- the file is placed at the path Vim already reads as viminfo
|viminfo-file-name|
In any of those cases, do not have "!" in 'viminfo' if you do not trust it.
*viminfo-read*
When Vim is started and the 'viminfo' option is non-empty, the contents of
the viminfo file are read and the info can be used in the appropriate places.