From 294910a1ffd11bea0081c2b92632628ef0462eb1 Mon Sep 17 00:00:00 2001 From: Gregory Anders Date: Sat, 5 Nov 2022 19:30:48 -0600 Subject: feat(exrc): use vim.secure.read() for 'exrc' option --- runtime/doc/options.txt | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'runtime/doc/options.txt') diff --git a/runtime/doc/options.txt b/runtime/doc/options.txt index fd76f11046..6c1edb9c69 100644 --- a/runtime/doc/options.txt +++ b/runtime/doc/options.txt @@ -2264,6 +2264,20 @@ A jump table for the options with a short description can be found at |Q_op|. This option is reset when the 'paste' option is set and restored when the 'paste' option is reset. + *'exrc'* *'ex'* *'noexrc'* *'noex'* +'exrc' 'ex' boolean (default off) + global + Enables the reading of .nvimrc and .exrc files in the current + directory. + + The file is only sourced if the user indicates the file is trusted. If + it is, the SHA256 hash of the file contents and the full path of the + file are persisted to a trust database. The user is only prompted + again if the file contents change. See |vim.secure.read()|. + + This option cannot be set from a |modeline| or in the |sandbox|, for + security reasons. + *'fileencoding'* *'fenc'* *E213* 'fileencoding' 'fenc' string (default: "") local to buffer -- cgit From 6d9c3d903ecee2d1d21d0a0806f1a2bebe628e8e Mon Sep 17 00:00:00 2001 From: Gregory Anders Date: Sun, 6 Nov 2022 19:44:30 -0700 Subject: refactor: deprecate 'secure' option Now that 'exrc' files must be explicitly marked trusted there is no need to constrain what can be done in them. --- runtime/doc/options.txt | 13 ------------- 1 file changed, 13 deletions(-) (limited to 'runtime/doc/options.txt') diff --git a/runtime/doc/options.txt b/runtime/doc/options.txt index 6c1edb9c69..0895d980f5 100644 --- a/runtime/doc/options.txt +++ b/runtime/doc/options.txt @@ -5129,19 +5129,6 @@ A jump table for the options with a short description can be found at |Q_op|. two letters (See |object-motions|). The default makes a section start at the nroff macros ".SH", ".NH", ".H", ".HU", ".nh" and ".sh". - *'secure'* *'nosecure'* *E523* -'secure' boolean (default off) - global - When on, ":autocmd", shell and write commands are not allowed in - ".nvimrc" and ".exrc" in the current directory and map commands are - displayed. Switch it off only if you know that you will not run into - problems, or when the 'exrc' option is off. On Unix this option is - only used if the ".nvimrc" or ".exrc" is not owned by you. This can be - dangerous if the systems allows users to do a "chown". You better set - 'secure' at the end of your |init.vim| then. - This option cannot be set from a |modeline| or in the |sandbox|, for - security reasons. - *'selection'* *'sel'* 'selection' 'sel' string (default "inclusive") global -- cgit