Re: Security Risk: (was vim 'less.sh' script probs w/folds)

2017-03-29 Thread L. A. Walsh

Christian Brabandt wrote:

> Hi L.!
>
> On Tue, 28 Mar 2017, L. A. Walsh wrote:
>
> > Here is the problem -- I am not using "less.vim"...
> >
> > I type in (at the command prompt):
> > less.sh
>
> Here is the problem: Why do you type less.sh and not less or more or
> most. And why is this in your path?
  


   I wanted syntax highlighting in less, so
I copied 'less.sh' into ~/bin/vless for testing. If it
was a suitable (compatible) pager, I might want it to
replace less as a default when I'm doing SW development.

   At the very least, if it was 'less'-feature
compatible, highlighting could be invoked as a special
call out from 'less'.

   Note: my first attempt to get this functionality was
to use the convert-to-HTML feature, and set up 'less'
to display the syntax-colorized version of the file
via 'lynx'.  Unfortunately 'lynx' doesn't implement
text coloring, and the alternate, 'w3m' gave even
worse looking output.

   So..why did I use less.sh?  Because I followed the
vim instructions to get 'vim' to be usable like "less" or
"more".  Neither of those utils hide blocks of text based on
settings in the file.  If I want smarter text display,
I'd bring up the file in a text editor, like vim! ;-)

Text files are supposed to be "dumb". From there, you
can add on specific features.  In this case, highlighting
was supposed to be added to a 'less/more' like interface.
That excludes automatic visual formatting of the
text to look different than it does in the file.

In the same way, I wouldn't expect vim to automatically
justify text on output when trying to be a simple
replacement for 'less/more' pagers, but w/syntax.

I.e. the defaults should be the simple case as displayed in
'less/more'.  Having options to add in hidden text or
word-break line-folding are fine options -- just not
for the default case where it's supposed to be like
a dumb-text pager (except for HLing feature).

"If you use the less or more program to view a file, you
don't get syntax highlighting.  Thus you would like to
use Vim instead.  You can do this by using the shell script
"$VIMRUNTIME/macros/less.sh".

So if I use less, and don't see syntax highlighting but
want to, then I'd expect vim to do that (only because it is
documented to do so in the help).

  

> > In regards to the 2nd sentence... it is also, not
> > quite accurate: when I saw the folds, the
> > first thing I tried was 'zR' (which didn't work).
>
> You can still use :set nofoldenable
  

---
   It's not about all the different things that might
work -- it's about the default inability to display the
file as it is on disk (without folds or text processing
markup).

Do you use 'less' or try to display syntax HLing using
'less.sh'?

   What's the use case or reason for insisting that
the script shouldn't function like 'more' or 'less' by
default (as the documentation seems to indicate)?


*curious*,
Linda

--
--
You received this message from the "vim_use" maillist.
Do not top-post! Type your reply below the text you are replying to.
For more information, visit http://www.vim.org/maillist.php

--- 
You received this message because you are subscribed to the Google Groups "vim_use" group.

To unsubscribe from this group and stop receiving emails from it, send an email 
to vim_use+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
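
The point argued in the message above (a Vim-based pager collapsing text because of settings carried in the file itself) can be checked before a file is reviewed. The following is an added example, not part of the original thread or of Vim's runtime: it reports which line ranges marker folds would collapse. It assumes Vim's default `{{{,}}}` fold markers and default `modelines` window of 5 lines; the function names and the sample file are constructed for illustration.

```python
import re

# Assumption: default 'foldmarker' ("{{{,}}}"); a modeline that changes the
# marker strings, and numbered markers such as "{{{1", are not followed here.
OPEN, CLOSE = "{{{", "}}}"
# Modeline ("vi:", "vim:" or "ex:") that sets foldmethod/fdm to marker.
MODELINE = re.compile(r"\b(?:vim?|ex):.*\b(?:foldmethod|fdm)=marker\b")

def modeline_enables_marker_folds(lines, window=5):
    """True if a modeline in the first or last `window` lines sets fdm=marker."""
    return any(MODELINE.search(l) for l in lines[:window] + lines[-window:])

def folded_ranges(lines):
    """1-based (start, end) ranges of outermost marker folds; each range is
    shown as a single line while the fold is closed."""
    ranges, depth, start = [], 0, None
    for no, line in enumerate(lines, 1):
        if OPEN in line:
            if depth == 0:
                start = no
            depth += 1
        elif CLOSE in line and depth > 0:
            depth -= 1
            if depth == 0:
                ranges.append((start, no))
    if depth > 0:  # unterminated fold runs to the end of the file
        ranges.append((start, len(lines)))
    return ranges

def audit(text):
    """Return (file_requests_marker_folds, collapsed_ranges) for a file body."""
    lines = text.splitlines()
    return modeline_enables_marker_folds(lines), folded_ranges(lines)

# Constructed sample: a script whose modeline asks for marker folding.
SAMPLE = """\
#!/bin/sh
echo "step 1"
# setup {{{
echo "this line is inside the fold"
# }}}
echo "done"
# vim: set fdm=marker:
"""

if __name__ == "__main__":
    requested, ranges = audit(SAMPLE)
    print("modeline requests marker folds:", requested)
    for start, end in ranges:
        print(f"lines {start}-{end} collapse to one line when folds are closed")
```

The ranges are reported even when no modeline is present, because a viewer's own configuration can also set `fdm=marker`.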


Re: Security Risk: (was vim 'less.sh' script probs w/folds)

2017-03-28 Thread Christian Brabandt
Hi L.!

On Tue, 28 Mar 2017, L. A. Walsh wrote:

> Here is the problem -- I am not using "less.vim"...
> 
> I type in (at the command prompt):
> less.sh 

Here is the problem: Why do you type less.sh and not less or more or 
most. And why is this in your path?

> In regards to the 2nd sentence... it is also, not
> quite accurate: when I saw the folds, the
> first thing I tried was 'zR' (which didn't work).

You can still use :set nofoldenable

Best,
Christian
-- 
Provostry:
  A clergyman's body part which, because of celibacy, can cause priests
  to flee



Re: Security Risk: (was vim 'less.sh' script probs w/folds)

2017-03-28 Thread L. A. Walsh



Christian Brabandt wrote:

> On Mon, 27 Mar 2017, L. A. Walsh wrote:
>
> >    Why would you think it shouldn't be disabled?  I.e.
> > how does it help emulate the file-pagers 'less' or 'more' while
> > providing syntax-coloring?
>
> Because less.vim does what Vim would do.

Here is the problem -- I am not using "less.vim"...

I type in (at the command prompt):
less.sh

I'm not directly using 'vim'... I'm using a ".sh" file included that
is supposed to allow syntax highlighting.

> How likely is it, that a non-vim user gets into contact with less.vim?

   See above.  No contact with less.vim was needed.

> >    It seems that if anyone was using less.sh to display files,
> > as they would 'less' or 'more' (but w/syntax highlighting), then
> > having text being hidden would seem to be a potential security
> > risk, no?
>
> Where do you see a security risk? It is pretty obvious, that a fold is
> there, so it should be easy to disable it and then you see what is
> hidden behind a fold.

   "What's a fold" (i.e. a vim-naive user using "less.sh"
to see syntax displayed for a file).  No direct contact
with 'vim' is needed to run "less.sh".

> How about the attached patch?

---
   I am still of the strong opinion that "less.sh" as used
from the command line should try to achieve the *primary purpose*
of what it claims to do, namely:


2. Using Vim like less or more    *less*

If you use the less or more program to view a file,
you don't get syntax highlighting.  Thus you would like to use Vim 
instead.  You can do this by using the shell script

"$VIMRUNTIME/macros/less.sh".

...


I.e. I wanted "less" or "more" but with syntax highlighting.

I wasn't expecting a "vim-view" of my file, but a text-view
w/syntax highlighting.

Note... it also says (under :help less):

This shell script uses the Vim script "$VIMRUNTIME/macros/less.vim".
It sets up mappings to simulate the commands that
less supports.  Otherwise, you can still use the Vim commands.


In regards to the 2nd sentence... it is also, not
quite accurate: when I saw the folds, the
first thing I tried was 'zR' (which didn't work).





Re: Security Risk: (was vim 'less.sh' script probs w/folds)

2017-03-28 Thread Bram Moolenaar

Christian wrote:

> > Ken Takata wrote:
> > >Hi,
> > >
> > >2017/3/28 Tue 6:19:19 UTC+9 L A Walsh wrote:
> > >>If I have a file with folds in it (fdm=marker), and I try to
> > >>display it with the vim 'less.sh' script, there doesn't seem to be
> > >>a way to get rid of all the folds (no 'zR').  I can use the cursor
> > >>keys to move to each fold and open it, but that really defeats
> > >>the idea of using 'less' to scroll through the source by pressing
> > >>'space' (for example).
> > >>
> > >>Maybe folds should be disabled for the less.sh script?
> > >
> > >I'm not sure it should be disabled. However, you can use the following
> > >command as a workaround to open all folds:
> > >
> > >:norm! zR
> > 
> >Thanks for the workaround, but where do I put that to
> > make it default, in the less.vim file?
> 
> You can also use zi or :set nofoldenable or something like this.
> 
> >Why would you think it shouldn't be disabled?  I.e.
> > how does it help emulate the file-pagers 'less' or 'more' while
> > providing syntax-coloring?
> 
> Because less.vim does what Vim would do.
> 
> >From a different perspective, how would a non-vim user
> > know what to do to use 'less.sh' if it is supposed to be a pager
> > like 'less' or 'more' to page through file or program text without
> > having various portions of files possibly hidden.
> 
> How likely is it, that a non-vim user gets into contact with less.vim?
> 
> >It seems that if anyone was using less.sh to display files,
> > as they would 'less' or 'more' (but w/syntax highlighting), then
> > having text being hidden would seem to be a potential security
> > risk, no?
> 
> Where do you see a security risk? It is pretty obvious, that a fold is
> there, so it should be easy to disable it and then you see what is
> hidden behind a fold.
> 
> How about the attached patch?
> 
> @Bram,
> please see the attached patch. It improves less.vim in several ways:
> 
> - Makes 'F' toggle folds to make it easier to disable folds and also
>   displays it in the help overview

"F" already has a meaning:
" Re-read file and page forward "tail -f"
map F :eGL:sleep 1F
Your patch overwrites this.

We could use "o" for open and "c" for close, since these would normally
be commands that modify the file, but with less Vim is in read-only
mode, thus these commands won't work.

> - Display 'r' key in the help overview
> - Add  to the mappings, because when trying out less.vim
>   I found quite a few of the keys were not working as expected, since 
>   many plugins map the same keys (or the same prefix, which makes Vim 
>   wait until the timeout triggers)
> 
> On a related note, I see that less.bat and less.sh set 'no_plugin_maps'
> However only 11 of over 200 filetype plugins actually check that 
> variable. I suggest to at least add a help tag *no_plugin_maps* to 
> encourage filetype plugin writers to respect that variable.

I'll do that.

-- 
hundred-and-one symptoms of being an internet addict:
223. You set up a web-cam as your home's security system.

 /// Bram Moolenaar -- b...@moolenaar.net -- http://www.Moolenaar.net   \\\
///sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\  an exciting new programming language -- http://www.Zimbu.org///
 \\\help me help AIDS victims -- http://ICCF-Holland.org///



Re: Security Risk: (was vim 'less.sh' script probs w/folds)

2017-03-28 Thread Christian Brabandt
On Mon, 27 Mar 2017, L. A. Walsh wrote:

> Ken Takata wrote:
> >Hi,
> >
> >2017/3/28 Tue 6:19:19 UTC+9 L A Walsh wrote:
> >>If I have a file with folds in it (fdm=marker), and I try to
> >>display it with the vim 'less.sh' script, there doesn't seem to be
> >>a way to get rid of all the folds (no 'zR').  I can use the cursor
> >>keys to move to each fold and open it, but that really defeats
> >>the idea of using 'less' to scroll through the source by pressing
> >>'space' (for example).
> >>
> >>Maybe folds should be disabled for the less.sh script?
> >
> >I'm not sure it should be disabled. However, you can use the following
> >command as a workaround to open all folds:
> >
> >:norm! zR
> 
>Thanks for the workaround, but where do I put that to
> make it default, in the less.vim file?

You can also use zi or :set nofoldenable or something like this.

>Why would you think it shouldn't be disabled?  I.e.
> how does it help emulate the file-pagers 'less' or 'more' while
> providing syntax-coloring?

Because less.vim does what Vim would do.

>From a different perspective, how would a non-vim user
> know what to do to use 'less.sh' if it is supposed to be a pager
> like 'less' or 'more' to page through file or program text without
> having various portions of files possibly hidden.

How likely is it, that a non-vim user gets into contact with less.vim?

>It seems that if anyone was using less.sh to display files,
> as they would 'less' or 'more' (but w/syntax highlighting), then
> having text being hidden would seem to be a potential security
> risk, no?

Where do you see a security risk? It is pretty obvious, that a fold is 
there, so it should be easy to disable it and then you see what is 
hidden behind a fold.

How about the attached patch?

@Bram,
please see the attached patch. It improves less.vim in several ways:

- Makes 'F' toggle folds to make it easier to disable folds and also
  displays it in the help overview
- Display 'r' key in the help overview
- Add  to the mappings, because when trying out less.vim
  I found quite a few of the keys were not working as expected, since 
  many plugins map the same keys (or the same prefix, which makes Vim 
  wait until the timeout triggers)

On a related note, I see that less.bat and less.sh set 'no_plugin_maps'
However only 11 of over 200 filetype plugins actually check that 
variable. I suggest to at least add a help tag *no_plugin_maps* to 
encourage filetype plugin writers to respect that variable.

Best,
Christian
-- 
Good fortune is a frivolous person who wears heavy make-up and is
beautiful from afar.
-- Johann Nepomuk Nestroy

diff --git a/runtime/macros/less.vim b/runtime/macros/less.vim
index 72b53f269..347c2b457 100644
--- a/runtime/macros/less.vim
+++ b/runtime/macros/less.vim
@@ -70,8 +70,8 @@ au VimEnter * set nomod
 set noma
 
 " Give help
-noremap h :call Help()
-map H h
+noremap  h :call Help()
+map   H h
 fun! s:Help()
   echo "   One page forward  b One page backward"
   echo "d Half a page forward   u Half a page backward"
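Review bot: the rewritten `h` and `H` mappings under `" Give help` have no comment explaining why they are being changed. The cover message gives the reason (filetype plugins map the same keys or the same prefix, so Vim waits for the timeout), and a one-line comment above these mappings stating that would keep a later cleanup from reverting it. Note also that `H` remains a recursive `map` onto `h`, so it only reaches the help function through the `h` mapping; confirm that still resolves as intended with the changed `h` line.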
@@ -84,20 +84,21 @@ fun! s:Help()
   echo "\n"
   echo ":n Next file :p Previous file"
   echo "\n"
+  echo "F Toggle Folds  r Redraw"
   echo "q Quit  v Edit file"
   let i = input("Hit Enter to continue")
 endfun
 
 " Scroll one page forward
-noremap
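Review bot: the added help line `echo "F Toggle Folds  r Redraw"` in `s:Help()` advertises `F` as the fold toggle, but as Bram notes in his reply, less.vim already maps `F` to re-read the file and page forward (the "tail -f" behaviour), so the patch overwrites an existing command. Choose an unused key (his reply suggests "o" for open and "c" for close) and update this help line to match. The rest of this hunk is cut off in this copy, so the mapping change itself cannot be checked here.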