Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/ypcrts/securemodelines

Secure alternative to Vim modelines. Maintained, active fork.
https://github.com/ypcrts/securemodelines

modeline security vim vim-modelines vim-plugin

Last synced: 4 months ago
JSON representation

Secure alternative to Vim modelines. Maintained, active fork.

Awesome Lists containing this project

README 

        

# securemodelines

A secure alternative to Vim modelines



This is a maintained fork of the [original vimscript](https://github.com/ciaranm/securemodelines).



## Description



Vim's internal modeline support allows all sorts of annoying and potentially

insecure options to be set. This script implements a much more heavily

restricted modeline parser that permits only user-specified options to be set.



## Installation



No configuration required.

Using [vim-plug](https://github.com/junegunn/vim-plug)

```vim

Plug 'ypcrts/securemodelines'

```



##  Internals

The `g:secure_modelines_allowed_items` array contains allowed options.  See

`:help securemodelines_options` for default values.



The `g:secure_modelines_verbose` variable, if set to something true, will make

the script warn when a modeline attempts to set any other option.



The `g:secure_modelines_modelines` variable overrides the number of lines to

check. By default it is 5.



If `g:secure_modelines_leave_modeline` is defined, the script will not clobber

&modeline. Otherwise &modeline will be unset.



If `b:disable_secure_modelines` is defined, securemodelines will not run for

the current buffer. The intent being to turn off securemodelines in an

ftplugin.



## Contributors



See the [contributors

graph](https://github.com/ypcrts/securemodelines/graphs/contributors).