patch 9.2.0350: Enabling modelines poses a risk
Commit:
https://github.com/vim/vim/commit/4c287947164fe26a6bd32e1c9362668388ae7457
Author: Christian Brabandt <[email protected]>
Date: Tue Apr 14 18:51:54 2026 +0000
patch 9.2.0350: Enabling modelines poses a risk
Problem: Enabling modelines poses a risk, cannot whitelist specific
modelines
Solution: Include the 'modelinestrict' option, enabled by default, that
allows only a few very specific modelines, all others will be
ignored
When set (which it is by default), only the following settings will be
applied, all others will be ignored:
'autoindent'
'cindent'
'commentstring'
'expandtab'
'filetype'
'foldcolumn'
'foldenable'
'foldmethod'
'modifiable'
'readonly'
'rightleft'
'shiftwidth'
'smartindent'
'softtabstop'
'spell'
'spelllang'
'tabstop'
'textwidth'
'varsofttabstop'
'vartabstop'
Supported by AI
closes: #19875
Signed-off-by: Christian Brabandt <[email protected]>
diff --git a/runtime/doc/options.txt b/runtime/doc/options.txt
index 4d40b8aa5..627d96540 100644
--- a/runtime/doc/options.txt
+++ b/runtime/doc/options.txt
@@ -6199,6 +6199,48 @@ A jump table for the options with a short description
can be found at |Q_op|.
NOTE: 'modeline' is set to the Vi default value when 'compatible' is
set and to the Vim default value when 'compatible' is reset.
+ *'modelinestrict'* *'mlst'* *'nomodelinestrict'* *'nomlst'*
+'modelinestrict' 'mlst' boolean (default: on)
+ global
+ When on, only a safe subset of options can be set from a |modeline|.
+ The following options are allowed:
+ 'autoindent'
+ 'cindent'
+ 'commentstring'
+ 'expandtab'
+ 'filetype'
+ 'foldcolumn'
+ 'foldenable'
+ 'foldmethod'
+ 'modifiable'
+ 'readonly'
+ 'rightleft'
+ 'shiftwidth'
+ 'smartindent'
+ 'softtabstop'
+ 'spell'
+ 'spelllang'
+ 'tabstop'
+ 'textwidth'
+ 'varsofttabstop'
+ 'vartabstop'
+
+ Any other option set from a modeline will be silently ignored.
+ This option cannot be set from a |modeline| or in the |sandbox|, for
+ security reasons.
+
+ The behaviour of 'modeline', 'modelinestrict' and 'modelineexpr' is
+ as follows:
+
+ 'modeline'| 'modelinestrict'| 'modelineexpr' | Meaning
+ ----------+-----------------+-------------------+--------~
+ on | off | on | All options can be set
+ on | on | any | Only whitelisted
+ | | | options can be set
+ on | off | off | All options except for
+ | | | expr options can be set
+ off | any | any | No options can be set
+
*'modifiable'* *'ma'* *'nomodifiable'* *'noma'*
*E21*
'modifiable' 'ma' boolean (default on)
diff --git a/runtime/doc/quickref.txt b/runtime/doc/quickref.txt
index 770983780..8f6aca046 100644
--- a/runtime/doc/quickref.txt
+++ b/runtime/doc/quickref.txt
@@ -1,4 +1,4 @@
-*quickref.txt* For Vim version 9.2. Last change: 2026 Apr 07
+*quickref.txt* For Vim version 9.2. Last change: 2026 Apr 09
VIM REFERENCE MANUAL by Bram Moolenaar
@@ -823,6 +823,7 @@ Short explanation of each option: *option-list*
'modeline' 'ml' recognize modelines at start or end of file
'modelineexpr' 'mle' allow setting expression options from a modeline
'modelines' 'mls' number of lines checked for modelines
+'modelinestrict' 'mlst' only allow safe options in modelines
'modifiable' 'ma' changes to the text are not possible
'modified' 'mod' buffer has been modified
'more' pause listings when the whole screen is filled
diff --git a/runtime/doc/tags b/runtime/doc/tags
index c4bc58fc9..4d31cc51a 100644
--- a/runtime/doc/tags
+++ b/runtime/doc/tags
@@ -531,6 +531,7 @@ $quote eval.txt /*$quote*
'ml' options.txt /*'ml'*
'mle' options.txt /*'mle'*
'mls' options.txt /*'mls'*
+'mlst' options.txt /*'mlst'*
'mm' options.txt /*'mm'*
'mmd' options.txt /*'mmd'*
'mmp' options.txt /*'mmp'*
@@ -539,6 +540,7 @@ $quote eval.txt /*$quote*
'modeline' options.txt /*'modeline'*
'modelineexpr' options.txt /*'modelineexpr'*
'modelines' options.txt /*'modelines'*
+'modelinestrict' options.txt /*'modelinestrict'*
'modifiable' options.txt /*'modifiable'*
'modified' options.txt /*'modified'*
'mopt' options.txt /*'mopt'*
@@ -706,9 +708,11 @@ $quote eval.txt /*$quote*
'nomh' options.txt /*'nomh'*
'noml' options.txt /*'noml'*
'nomle' options.txt /*'nomle'*
+'nomlst' options.txt /*'nomlst'*
'nomod' options.txt /*'nomod'*
'nomodeline' options.txt /*'nomodeline'*
'nomodelineexpr' options.txt /*'nomodelineexpr'*
+'nomodelinestrict' options.txt /*'nomodelinestrict'*
'nomodifiable' options.txt /*'nomodifiable'*
'nomodified' options.txt /*'nomodified'*
'nomore' options.txt /*'nomore'*
diff --git a/runtime/doc/version9.txt b/runtime/doc/version9.txt
index 54449a542..fa8c5355c 100644
--- a/runtime/doc/version9.txt
+++ b/runtime/doc/version9.txt
@@ -52634,6 +52634,8 @@ Changed ~
- |js_decode()| rejects lone surrogates
- virtual text properties on lines deleted by a multi-line substitute
are moved to the resulting joined line instead of being dropped.
+- Only a few whitelisted options are allowed to be set by a modeline to
+ improve overall security, see for details: 'modelinestrict'
*added-9.3*
Added ~
@@ -52650,6 +52652,7 @@ Autocommands: ~
Options: ~
+'modelinestrict' Only allow safe options to be set from a modeline.
'pumopt' Additional options for the popup menu
'statuslineopt' Extra window-local options for the
'statusline', to
configure the height.
diff --git a/runtime/optwin.vim b/runtime/optwin.vim
index 522ffed54..73243e77f 100644
--- a/runtime/optwin.vim
+++ b/runtime/optwin.vim
@@ -1,7 +1,7 @@
" These commands create the option window.
"
" Maintainer: The Vim Project <https://github.com/vim/vim>
-" Last Change: 2026 Apr 07
+" Last Change: 2026 Apr 09
" Former Maintainer: Bram Moolenaar <[email protected]>
" If there already is an option window, jump to that one.
@@ -1108,6 +1108,8 @@ call append("$", " " .. s:local_to_buffer)
call <SID>BinOptionL("ml")
call <SID>AddOption("modelineexpr", gettext("allow setting expression options
from a modeline"))
call <SID>BinOptionG("mle", &mle)
+call <SID>AddOption("modelinestrict", gettext("only allow safe options to be
set from a modeline"))
+call <SID>BinOptionG("modelinestrict", &modelinestrict)
call <SID>AddOption("modelines", gettext("number of lines to check for
modelines"))
call append("$", " set mls=" . &mls)
call <SID>AddOption("binary", gettext("binary file editing"))
diff --git a/runtime/syntax/testdir/dumps/python2_strings_05.dump
b/runtime/syntax/testdir/dumps/python2_strings_05.dump
index 0ed41d8b3..730e067fd 100644
--- a/runtime/syntax/testdir/dumps/python2_strings_05.dump
+++ b/runtime/syntax/testdir/dumps/python2_strings_05.dump
@@ -1,7 +1,7 @@
|a+0#e000002#ffffff0|n|d| |l|i|t|e|r|a|l| |\|t| |a|n|d| |\|0|4|0| |a|n|d|
|\|x|F@1| +0#0000000&@42
|a+0#e000002&|n|d| |e|s|c|a|p|e|s| |\+0#e000e06&|u|0@1|A|1| +0#e000002&|a|n|d|
|\+0#e000e06&|U|0@2|1|0|6|0|5|"+0#e000002&@2| +0#0000000&@38
@75
->#+0#0000e05&| |v|i|m|:| |s|y|n|t|a|x|=|p|y|t|h|o|n|2| +0#0000000&@53
+>#+0#0000e05&| |v|i|m|:| |f|t|=|p|y|t|h|o|n|2| +0#0000000&@57
|~+0#4040ff13&| @73
|~| @73
|~| @73
diff --git a/runtime/syntax/testdir/input/python2_strings.py
b/runtime/syntax/testdir/input/python2_strings.py
index a5625b7d6..7ac32da16 100644
--- a/runtime/syntax/testdir/input/python2_strings.py
+++ b/runtime/syntax/testdir/input/python2_strings.py
@@ -79,4 +79,4 @@ test = UR"""Raw Unicode string with quotes ' and "
and literal and and \xFF
and escapes \u00A1 and \U00010605"""
-# vim: syntax=python2
+# vim: ft=python2
diff --git a/runtime/syntax/vim.vim b/runtime/syntax/vim.vim
index 23bdda651..f213710c3 100644
--- a/runtime/syntax/vim.vim
+++ b/runtime/syntax/vim.vim
@@ -68,25 +68,25 @@ syn keyword vimOption contained al aleph ari allowrevins
ambw ambiwidth arab ara
syn keyword vimOption contained co columns com comments cms commentstring cp
compatible cpt complete cfu completefunc cia completeitemalign cot completeopt
cpp completepopup csl completeslash cto completetimeout cocu concealcursor cole
conceallevel cf confirm ci copyindent cpo cpoptions cm cryptmethod cspc
cscopepathcomp csprg cscopeprg csqf cscopequickfix csre cscoperelative cst
cscopetag csto cscopetagorder csverb cscopeverbose crb cursorbind cuc
cursorcolumn cul cursorline culopt cursorlineopt debug def define deco
delcombine dict dictionary diff dia diffanchors dex diffexpr dip diffopt dg
digraph dir directory dy display ead eadirection ed edcompatible emo emoji enc
encoding eof endoffile eol endofline ea equalalways ep equalprg eb errorbells
ef errorfile skipwhite nextgroup=vimSetEqual,vimSetMod
syn keyword vimOption contained efm errorformat ek esckeys ei eventignore eiw
eventignorewin et expandtab ex exrc fenc fileencoding fencs fileencodings ff
fileformat ffs fileformats fic fileignorecase ft filetype fcs fillchars ffu
findfunc fixeol fixendofline fcl foldclose fdc foldcolumn fen foldenable fde
foldexpr fdi foldignore fdl foldlevel fdls foldlevelstart fmr foldmarker fdm
foldmethod fml foldminlines fdn foldnestmax fdo foldopen fdt foldtext fex
formatexpr flp formatlistpat fo formatoptions fp formatprg fs fsync gd gdefault
gfm grepformat gp grepprg gcr guicursor gfn guifont gfs guifontset gfw
guifontwide ghr guiheadroom gli guiligatures go guioptions guipty gtl
guitablabel gtt guitabtooltip hf helpfile hh helpheight hlg helplang hid hidden
hl highlight skipwhite nextgroup=vimSetEqual,vimSetMod
syn keyword vimOption contained hi history hk hkmap hkp hkmapp hls hlsearch
icon iconstring ic ignorecase imaf imactivatefunc imak imactivatekey imc
imcmdline imd imdisable imi iminsert ims imsearch imsf imstatusfunc imst
imstyle inc include inex includeexpr is incsearch inde indentexpr indk
indentkeys inf infercase im insertmode isf isfname isi isident isk iskeyword
isp isprint js joinspaces jop jumpoptions key kmp keymap km keymodel kpc
keyprotocol kp keywordprg lmap langmap lm langmenu lnr langnoremap lrm
langremap ls laststatus lz lazyredraw lhi lhistory lbr linebreak lines lsp
linespace lisp lop lispoptions lw lispwords list lcs listchars lpl loadplugins
luadll magic mef makeef menc makeencoding mp makeprg mps matchpairs mat
matchtime mco maxcombine mfd maxfuncdepth skipwhite
nextgroup=vimSetEqual,vimSetMod
-syn keyword vimOption contained mmd maxmapdepth mm maxmem mmp maxmempattern
mmt maxmemtot msc maxsearchcount mis menuitems mopt messagesopt msm mkspellmem
ml modeline mle modelineexpr mls modelines ma modifiable mod modified more
mouse mousef mousefocus mh mousehide mousem mousemodel mousemev mousemoveevent
mouses mouseshape mouset mousetime mzq mzquantum mzschemedll mzschemegcdll nf
nrformats nu number nuw numberwidth ofu omnifunc odev opendevice opfunc
operatorfunc ost osctimeoutlen pp packpath para paragraphs paste pt pastetoggle
pex patchexpr pm patchmode pa path perldll pi preserveindent pvh previewheight
pvp previewpopup pvw previewwindow pdev printdevice penc printencoding pexpr
printexpr pfn printfont pheader printheader pmbcs printmbcharset pmbfn
printmbfont skipwhite nextgroup=vimSetEqual,vimSetMod
-syn keyword vimOption contained popt printoptions prompt pb pumborder ph
pumheight pmw pummaxwidth pumopt pw pumwidth pythondll pythonhome
pythonthreedll pythonthreehome pyx pyxversion qftf quickfixtextfunc qe
quoteescape ro readonly rdt redrawtime re regexpengine rnu relativenumber remap
rop renderoptions report rs restorescreen ri revins rl rightleft rlc
rightleftcmd rubydll ru ruler ruf rulerformat rtp runtimepath scr scroll scb
scrollbind scf scrollfocus sj scrolljump so scrolloff sbo scrollopt sect
sections secure sel selection slm selectmode ssop sessionoptions sh shell shcf
shellcmdflag sp shellpipe shq shellquote srr shellredir ssl shellslash stmp
shelltemp st shelltype sxe shellxescape sxq shellxquote sr shiftround sw
shiftwidth shm shortmess sn shortname skipwhite nextgroup=vimSetEqual,vimSetMod
-syn keyword vimOption contained sbr showbreak sc showcmd sloc showcmdloc sft
showfulltag sm showmatch smd showmode stal showtabline stpl showtabpanel ss
sidescroll siso sidescrolloff scl signcolumn scs smartcase si smartindent sta
smarttab sms smoothscroll sts softtabstop spell spc spellcapcheck spf spellfile
spl spelllang spo spelloptions sps spellsuggest sb splitbelow spk splitkeep spr
splitright sol startofline stl statusline stlo statuslineopt su suffixes sua
suffixesadd swf swapfile sws swapsync swb switchbuf smc synmaxcol syn syntax
tcl tabclose tal tabline tpm tabpagemax tpl tabpanel tplo tabpanelopt ts
tabstop tbs tagbsearch tc tagcase tfu tagfunc tl taglength tr tagrelative tag
tags tgst tagstack tcldll term tbidi termbidi tenc termencoding tgc
termguicolors skipwhite nextgroup=vimSetEqual,vimSetMod
-syn keyword vimOption contained trz termresize tsy termsync twk termwinkey
twsl termwinscroll tws termwinsize twt termwintype terse ta textauto tx
textmode tw textwidth tsr thesaurus tsrfu thesaurusfunc top tildeop to timeout
tm timeoutlen title titlelen titleold titlestring tb toolbar tbis
toolbariconsize ttimeout ttm ttimeoutlen tbi ttybuiltin tf ttyfast ttym
ttymouse tsl ttyscroll tty ttytype udir undodir udf undofile ul undolevels ur
undoreload uc updatecount ut updatetime vsts varsofttabstop vts vartabstop vbs
verbose vfile verbosefile vdir viewdir vop viewoptions vi viminfo vif
viminfofile ve virtualedit vb visualbell warn wiv weirdinvert ww whichwrap wc
wildchar wcm wildcharm wig wildignore wic wildignorecase wmnu wildmenu wim
wildmode wop wildoptions wak winaltkeys skipwhite
nextgroup=vimSetEqual,vimSetMod
-syn keyword vimOption contained wcr wincolor wi window wfb winfixbuf wfh
winfixheight wfw winfixwidth wh winheight whl winhighlight wmh winminheight wmw
winminwidth winptydll wiw winwidth wse wlseat wst wlsteal wtm wltimeoutlen wrap
wm wrapmargin ws wrapscan write wa writeany wb writebackup wd writedelay
xtermcodes skipwhite nextgroup=vimSetEqual,vimSetMod
+syn keyword vimOption contained mmd maxmapdepth mm maxmem mmp maxmempattern
mmt maxmemtot msc maxsearchcount mis menuitems mopt messagesopt msm mkspellmem
ml modeline mle modelineexpr mls modelines mlst modelinestrict ma modifiable
mod modified more mouse mousef mousefocus mh mousehide mousem mousemodel
mousemev mousemoveevent mouses mouseshape mouset mousetime mzq mzquantum
mzschemedll mzschemegcdll nf nrformats nu number nuw numberwidth ofu omnifunc
odev opendevice opfunc operatorfunc ost osctimeoutlen pp packpath para
paragraphs paste pt pastetoggle pex patchexpr pm patchmode pa path perldll pi
preserveindent pvh previewheight pvp previewpopup pvw previewwindow pdev
printdevice penc printencoding pexpr printexpr pfn printfont pheader
printheader pmbcs printmbcharset skipwhite nextgroup=vimSetEqual,vimSetMod
+syn keyword vimOption contained pmbfn printmbfont popt printoptions prompt pb
pumborder ph pumheight pmw pummaxwidth pumopt pw pumwidth pythondll pythonhome
pythonthreedll pythonthreehome pyx pyxversion qftf quickfixtextfunc qe
quoteescape ro readonly rdt redrawtime re regexpengine rnu relativenumber remap
rop renderoptions report rs restorescreen ri revins rl rightleft rlc
rightleftcmd rubydll ru ruler ruf rulerformat rtp runtimepath scr scroll scb
scrollbind scf scrollfocus sj scrolljump so scrolloff sbo scrollopt sect
sections secure sel selection slm selectmode ssop sessionoptions sh shell shcf
shellcmdflag sp shellpipe shq shellquote srr shellredir ssl shellslash stmp
shelltemp st shelltype sxe shellxescape sxq shellxquote sr shiftround sw
shiftwidth shm shortmess skipwhite nextgroup=vimSetEqual,vimSetMod
+syn keyword vimOption contained sn shortname sbr showbreak sc showcmd sloc
showcmdloc sft showfulltag sm showmatch smd showmode stal showtabline stpl
showtabpanel ss sidescroll siso sidescrolloff scl signcolumn scs smartcase si
smartindent sta smarttab sms smoothscroll sts softtabstop spell spc
spellcapcheck spf spellfile spl spelllang spo spelloptions sps spellsuggest sb
splitbelow spk splitkeep spr splitright sol startofline stl statusline stlo
statuslineopt su suffixes sua suffixesadd swf swapfile sws swapsync swb
switchbuf smc synmaxcol syn syntax tcl tabclose tal tabline tpm tabpagemax tpl
tabpanel tplo tabpanelopt ts tabstop tbs tagbsearch tc tagcase tfu tagfunc tl
taglength tr tagrelative tag tags tgst tagstack tcldll term tbidi termbidi tenc
termencoding skipwhite nextgroup=vimSetEqual,vimSetMod
+syn keyword vimOption contained tgc termguicolors trz termresize tsy termsync
twk termwinkey twsl termwinscroll tws termwinsize twt termwintype terse ta
textauto tx textmode tw textwidth tsr thesaurus tsrfu thesaurusfunc top tildeop
to timeout tm timeoutlen title titlelen titleold titlestring tb toolbar tbis
toolbariconsize ttimeout ttm ttimeoutlen tbi ttybuiltin tf ttyfast ttym
ttymouse tsl ttyscroll tty ttytype udir undodir udf undofile ul undolevels ur
undoreload uc updatecount ut updatetime vsts varsofttabstop vts vartabstop vbs
verbose vfile verbosefile vdir viewdir vop viewoptions vi viminfo vif
viminfofile ve virtualedit vb visualbell warn wiv weirdinvert ww whichwrap wc
wildchar wcm wildcharm wig wildignore wic wildignorecase wmnu wildmenu wim
wildmode skipwhite nextgroup=vimSetEqual,vimSetMod
+syn keyword vimOption contained wop wildoptions wak winaltkeys wcr wincolor wi
window wfb winfixbuf wfh winfixheight wfw winfixwidth wh winheight whl
winhighlight wmh winminheight wmw winminwidth winptydll wiw winwidth wse wlseat
wst wlsteal wtm wltimeoutlen wrap wm wrapmargin ws wrapscan write wa writeany
wb writebackup wd writedelay xtermcodes skipwhite
nextgroup=vimSetEqual,vimSetMod
" vimOptions: These are the turn-off setting variants {{{2
" GEN_SYN_VIM: vimOption turn-off, START_STR='syn keyword vimOption
contained', END_STR=''
syn keyword vimOption contained noari noallowrevins noarab noarabic noarshape
noarabicshape noacd noautochdir noac noautocomplete noai noautoindent noar
noautoread noasd noautoshelldir noaw noautowrite noawa noautowriteall nobk
nobackup nobeval noballooneval nobevalterm noballoonevalterm nobin nobinary
nobomb nobri nobreakindent nobl nobuflisted nocdh nocdhome nocin nocindent nocp
nocompatible nocf noconfirm noci nocopyindent nocsre nocscoperelative nocst
nocscopetag nocsverb nocscopeverbose nocrb nocursorbind nocuc nocursorcolumn
nocul nocursorline nodeco nodelcombine nodiff nodg nodigraph noed
noedcompatible noemo noemoji noeof noendoffile noeol noendofline noea
noequalalways noeb noerrorbells noek noesckeys noet noexpandtab noex noexrc
nofic nofileignorecase
-syn keyword vimOption contained nofixeol nofixendofline nofen nofoldenable
nofs nofsync nogd nogdefault noguipty nohid nohidden nohk nohkmap nohkp
nohkmapp nohls nohlsearch noicon noic noignorecase noimc noimcmdline noimd
noimdisable nois noincsearch noinf noinfercase noim noinsertmode nojs
nojoinspaces nolnr nolangnoremap nolrm nolangremap nolz nolazyredraw nolbr
nolinebreak nolisp nolist nolpl noloadplugins nomagic noml nomodeline nomle
nomodelineexpr noma nomodifiable nomod nomodified nomore nomousef nomousefocus
nomh nomousehide nomousemev nomousemoveevent nonu nonumber noodev noopendevice
nopaste nopi nopreserveindent nopvw nopreviewwindow noprompt noro noreadonly
nornu norelativenumber noremap nors norestorescreen nori norevins norl
norightleft noru noruler
-syn keyword vimOption contained noscb noscrollbind noscf noscrollfocus
nosecure nossl noshellslash nostmp noshelltemp nosr noshiftround nosn
noshortname nosc noshowcmd nosft noshowfulltag nosm noshowmatch nosmd
noshowmode noscs nosmartcase nosi nosmartindent nosta nosmarttab nosms
nosmoothscroll nospell nosb nosplitbelow nospr nosplitright nosol nostartofline
noswf noswapfile notbs notagbsearch notr notagrelative notgst notagstack
notbidi notermbidi notgc notermguicolors notsy notermsync noterse nota
notextauto notx notextmode notop notildeop noto notimeout notitle nottimeout
notbi nottybuiltin notf nottyfast noudf noundofile novb novisualbell nowarn
nowiv noweirdinvert nowic nowildignorecase nowmnu nowildmenu nowfb nowinfixbuf
nowfh nowinfixheight nowfw nowinfixwidth
-syn keyword vimOption contained nowst nowlsteal nowrap nows nowrapscan nowrite
nowa nowriteany nowb nowritebackup noxtermcodes
+syn keyword vimOption contained nofixeol nofixendofline nofen nofoldenable
nofs nofsync nogd nogdefault noguipty nohid nohidden nohk nohkmap nohkp
nohkmapp nohls nohlsearch noicon noic noignorecase noimc noimcmdline noimd
noimdisable nois noincsearch noinf noinfercase noim noinsertmode nojs
nojoinspaces nolnr nolangnoremap nolrm nolangremap nolz nolazyredraw nolbr
nolinebreak nolisp nolist nolpl noloadplugins nomagic noml nomodeline nomle
nomodelineexpr nomlst nomodelinestrict noma nomodifiable nomod nomodified
nomore nomousef nomousefocus nomh nomousehide nomousemev nomousemoveevent nonu
nonumber noodev noopendevice nopaste nopi nopreserveindent nopvw
nopreviewwindow noprompt noro noreadonly nornu norelativenumber noremap nors
norestorescreen nori norevins norl norightleft
+syn keyword vimOption contained noru noruler noscb noscrollbind noscf
noscrollfocus nosecure nossl noshellslash nostmp noshelltemp nosr noshiftround
nosn noshortname nosc noshowcmd nosft noshowfulltag nosm noshowmatch nosmd
noshowmode noscs nosmartcase nosi nosmartindent nosta nosmarttab nosms
nosmoothscroll nospell nosb nosplitbelow nospr nosplitright nosol nostartofline
noswf noswapfile notbs notagbsearch notr notagrelative notgst notagstack
notbidi notermbidi notgc notermguicolors notsy notermsync noterse nota
notextauto notx notextmode notop notildeop noto notimeout notitle nottimeout
notbi nottybuiltin notf nottyfast noudf noundofile novb novisualbell nowarn
nowiv noweirdinvert nowic nowildignorecase nowmnu nowildmenu nowfb nowinfixbuf
nowfh nowinfixheight
+syn keyword vimOption contained nowfw nowinfixwidth nowst nowlsteal nowrap
nows nowrapscan nowrite nowa nowriteany nowb nowritebackup noxtermcodes
" vimOptions: These are the invertible variants {{{2
" GEN_SYN_VIM: vimOption invertible, START_STR='syn keyword vimOption
contained', END_STR=''
syn keyword vimOption contained invari invallowrevins invarab invarabic
invarshape invarabicshape invacd invautochdir invac invautocomplete invai
invautoindent invar invautoread invasd invautoshelldir invaw invautowrite
invawa invautowriteall invbk invbackup invbeval invballooneval invbevalterm
invballoonevalterm invbin invbinary invbomb invbri invbreakindent invbl
invbuflisted invcdh invcdhome invcin invcindent invcp invcompatible invcf
invconfirm invci invcopyindent invcsre invcscoperelative invcst invcscopetag
invcsverb invcscopeverbose invcrb invcursorbind invcuc invcursorcolumn invcul
invcursorline invdeco invdelcombine invdiff invdg invdigraph inved
invedcompatible invemo invemoji inveof invendoffile inveol invendofline invea
invequalalways inveb inverrorbells
-syn keyword vimOption contained invek invesckeys invet invexpandtab invex
invexrc invfic invfileignorecase invfixeol invfixendofline invfen invfoldenable
invfs invfsync invgd invgdefault invguipty invhid invhidden invhk invhkmap
invhkp invhkmapp invhls invhlsearch invicon invic invignorecase invimc
invimcmdline invimd invimdisable invis invincsearch invinf invinfercase invim
invinsertmode invjs invjoinspaces invlnr invlangnoremap invlrm invlangremap
invlz invlazyredraw invlbr invlinebreak invlisp invlist invlpl invloadplugins
invmagic invml invmodeline invmle invmodelineexpr invma invmodifiable invmod
invmodified invmore invmousef invmousefocus invmh invmousehide invmousemev
invmousemoveevent invnu invnumber invodev invopendevice invpaste invpi
invpreserveindent
-syn keyword vimOption contained invpvw invpreviewwindow invprompt invro
invreadonly invrnu invrelativenumber invremap invrs invrestorescreen invri
invrevins invrl invrightleft invru invruler invscb invscrollbind invscf
invscrollfocus invsecure invssl invshellslash invstmp invshelltemp invsr
invshiftround invsn invshortname invsc invshowcmd invsft invshowfulltag invsm
invshowmatch invsmd invshowmode invscs invsmartcase invsi invsmartindent invsta
invsmarttab invsms invsmoothscroll invspell invsb invsplitbelow invspr
invsplitright invsol invstartofline invswf invswapfile invtbs invtagbsearch
invtr invtagrelative invtgst invtagstack invtbidi invtermbidi invtgc
invtermguicolors invtsy invtermsync invterse invta invtextauto invtx
invtextmode invtop invtildeop invto invtimeout
-syn keyword vimOption contained invtitle invttimeout invtbi invttybuiltin
invtf invttyfast invudf invundofile invvb invvisualbell invwarn invwiv
invweirdinvert invwic invwildignorecase invwmnu invwildmenu invwfb invwinfixbuf
invwfh invwinfixheight invwfw invwinfixwidth invwst invwlsteal invwrap invws
invwrapscan invwrite invwa invwriteany invwb invwritebackup invxtermcodes
+syn keyword vimOption contained invek invesckeys invet invexpandtab invex
invexrc invfic invfileignorecase invfixeol invfixendofline invfen invfoldenable
invfs invfsync invgd invgdefault invguipty invhid invhidden invhk invhkmap
invhkp invhkmapp invhls invhlsearch invicon invic invignorecase invimc
invimcmdline invimd invimdisable invis invincsearch invinf invinfercase invim
invinsertmode invjs invjoinspaces invlnr invlangnoremap invlrm invlangremap
invlz invlazyredraw invlbr invlinebreak invlisp invlist invlpl invloadplugins
invmagic invml invmodeline invmle invmodelineexpr invmlst invmodelinestrict
invma invmodifiable invmod invmodified invmore invmousef invmousefocus invmh
invmousehide invmousemev invmousemoveevent invnu invnumber invodev
invopendevice invpaste
+syn keyword vimOption contained invpi invpreserveindent invpvw
invpreviewwindow invprompt invro invreadonly invrnu invrelativenumber invremap
invrs invrestorescreen invri invrevins invrl invrightleft invru invruler invscb
invscrollbind invscf invscrollfocus invsecure invssl invshellslash invstmp
invshelltemp invsr invshiftround invsn invshortname invsc invshowcmd invsft
invshowfulltag invsm invshowmatch invsmd invshowmode invscs invsmartcase invsi
invsmartindent invsta invsmarttab invsms invsmoothscroll invspell invsb
invsplitbelow invspr invsplitright invsol invstartofline invswf invswapfile
invtbs invtagbsearch invtr invtagrelative invtgst invtagstack invtbidi
invtermbidi invtgc invtermguicolors invtsy invtermsync invterse invta
invtextauto invtx invtextmode
+syn keyword vimOption contained invtop invtildeop invto invtimeout invtitle
invttimeout invtbi invttybuiltin invtf invttyfast invudf invundofile invvb
invvisualbell invwarn invwiv invweirdinvert invwic invwildignorecase invwmnu
invwildmenu invwfb invwinfixbuf invwfh invwinfixheight invwfw invwinfixwidth
invwst invwlsteal invwrap invws invwrapscan invwrite invwa invwriteany invwb
invwritebackup invxtermcodes
" termcap codes (which can also be set) {{{2
" GEN_SYN_VIM: vimOption term output code, START_STR='syn keyword vimOption
contained', END_STR='skipwhite nextgroup=vimSetEqual,vimSetMod'
syn keyword vimOption contained t_AB t_AF t_AU t_AL t_al t_bc t_BE t_BD t_cd
t_ce t_Ce t_CF t_cl t_cm t_Co t_CS t_Cs t_cs t_CV t_da t_db t_DL t_dl t_ds t_Ds
t_EC t_EI t_fs t_fd t_fe t_GP t_IE t_IS t_ke t_ks t_le t_mb t_md t_me t_mr t_ms
t_nd t_op t_RF t_RB t_RC t_RI t_Ri t_RK t_RS t_RT t_RV t_Sb t_SC t_se t_Sf t_SH
t_SI t_Si t_so t_SR t_sr t_ST t_Te t_te t_TE t_ti t_TI t_Ts t_ts t_u7 t_ue t_us
t_Us t_ut t_vb t_ve t_vi t_VS t_vs t_WP t_WS t_XM t_xn t_xs t_ZH t_ZR t_8f t_8b
t_8u t_xo t_BS t_ES skipwhite nextgroup=vimSetEqual,vimSetMod
@@ -107,11 +107,11 @@ syn keyword vimOptionVarName contained al aleph ari
allowrevins ambw ambiwidth a
syn keyword vimOptionVarName contained co columns com comments cms
commentstring cp compatible cpt complete cfu completefunc cia completeitemalign
cot completeopt cpp completepopup csl completeslash cto completetimeout cocu
concealcursor cole conceallevel cf confirm ci copyindent cpo cpoptions cm
cryptmethod cspc cscopepathcomp csprg cscopeprg csqf cscopequickfix csre
cscoperelative cst cscopetag csto cscopetagorder csverb cscopeverbose crb
cursorbind cuc cursorcolumn cul cursorline culopt cursorlineopt debug def
define deco delcombine dict dictionary diff dia diffanchors dex diffexpr dip
diffopt dg digraph dir directory dy display ead eadirection ed edcompatible emo
emoji enc encoding eof endoffile eol endofline ea equalalways ep equalprg eb
errorbells ef errorfile
syn keyword vimOptionVarName contained efm errorformat ek esckeys ei
eventignore eiw eventignorewin et expandtab ex exrc fenc fileencoding fencs
fileencodings ff fileformat ffs fileformats fic fileignorecase ft filetype fcs
fillchars ffu findfunc fixeol fixendofline fcl foldclose fdc foldcolumn fen
foldenable fde foldexpr fdi foldignore fdl foldlevel fdls foldlevelstart fmr
foldmarker fdm foldmethod fml foldminlines fdn foldnestmax fdo foldopen fdt
foldtext fex formatexpr flp formatlistpat fo formatoptions fp formatprg fs
fsync gd gdefault gfm grepformat gp grepprg gcr guicursor gfn guifont gfs
guifontset gfw guifontwide ghr guiheadroom gli guiligatures go guioptions
guipty gtl guitablabel gtt guitabtooltip hf helpfile hh helpheight hlg helplang
hid hidden hl highlight
syn keyword vimOptionVarName contained hi history hk hkmap hkp hkmapp hls
hlsearch icon iconstring ic ignorecase imaf imactivatefunc imak imactivatekey
imc imcmdline imd imdisable imi iminsert ims imsearch imsf imstatusfunc imst
imstyle inc include inex includeexpr is incsearch inde indentexpr indk
indentkeys inf infercase im insertmode isf isfname isi isident isk iskeyword
isp isprint js joinspaces jop jumpoptions key kmp keymap km keymodel kpc
keyprotocol kp keywordprg lmap langmap lm langmenu lnr langnoremap lrm
langremap ls laststatus lz lazyredraw lhi lhistory lbr linebreak lines lsp
linespace lisp lop lispoptions lw lispwords list lcs listchars lpl loadplugins
luadll magic mef makeef menc makeencoding mp makeprg mps matchpairs mat
matchtime mco maxcombine
-syn keyword vimOptionVarName contained mfd maxfuncdepth mmd maxmapdepth mm
maxmem mmp maxmempattern mmt maxmemtot msc maxsearchcount mis menuitems mopt
messagesopt msm mkspellmem ml modeline mle modelineexpr mls modelines ma
modifiable mod modified more mouse mousef mousefocus mh mousehide mousem
mousemodel mousemev mousemoveevent mouses mouseshape mouset mousetime mzq
mzquantum mzschemedll mzschemegcdll nf nrformats nu number nuw numberwidth ofu
omnifunc odev opendevice opfunc operatorfunc ost osctimeoutlen pp packpath para
paragraphs paste pt pastetoggle pex patchexpr pm patchmode pa path perldll pi
preserveindent pvh previewheight pvp previewpopup pvw previewwindow pdev
printdevice penc printencoding pexpr printexpr pfn printfont pheader
printheader pmbcs printmbcharset
-syn keyword vimOptionVarName contained pmbfn printmbfont popt printoptions
prompt pb pumborder ph pumheight pmw pummaxwidth pumopt pw pumwidth pythondll
pythonhome pythonthreedll pythonthreehome pyx pyxversion qftf quickfixtextfunc
qe quoteescape ro readonly rdt redrawtime re regexpengine rnu relativenumber
remap rop renderoptions report rs restorescreen ri revins rl rightleft rlc
rightleftcmd rubydll ru ruler ruf rulerformat rtp runtimepath scr scroll scb
scrollbind scf scrollfocus sj scrolljump so scrolloff sbo scrollopt sect
sections secure sel selection slm selectmode ssop sessionoptions sh shell shcf
shellcmdflag sp shellpipe shq shellquote srr shellredir ssl shellslash stmp
shelltemp st shelltype sxe shellxescape sxq shellxquote sr shiftround sw
shiftwidth
-syn keyword vimOptionVarName contained shm shortmess sn shortname sbr
showbreak sc showcmd sloc showcmdloc sft showfulltag sm showmatch smd showmode
stal showtabline stpl showtabpanel ss sidescroll siso sidescrolloff scl
signcolumn scs smartcase si smartindent sta smarttab sms smoothscroll sts
softtabstop spell spc spellcapcheck spf spellfile spl spelllang spo
spelloptions sps spellsuggest sb splitbelow spk splitkeep spr splitright sol
startofline stl statusline stlo statuslineopt su suffixes sua suffixesadd swf
swapfile sws swapsync swb switchbuf smc synmaxcol syn syntax tcl tabclose tal
tabline tpm tabpagemax tpl tabpanel tplo tabpanelopt ts tabstop tbs tagbsearch
tc tagcase tfu tagfunc tl taglength tr tagrelative tag tags tgst tagstack
tcldll term tbidi termbidi
-syn keyword vimOptionVarName contained tenc termencoding tgc termguicolors trz
termresize tsy termsync twk termwinkey twsl termwinscroll tws termwinsize twt
termwintype terse ta textauto tx textmode tw textwidth tsr thesaurus tsrfu
thesaurusfunc top tildeop to timeout tm timeoutlen title titlelen titleold
titlestring tb toolbar tbis toolbariconsize ttimeout ttm ttimeoutlen tbi
ttybuiltin tf ttyfast ttym ttymouse tsl ttyscroll tty ttytype udir undodir udf
undofile ul undolevels ur undoreload uc updatecount ut updatetime vsts
varsofttabstop vts vartabstop vbs verbose vfile verbosefile vdir viewdir vop
viewoptions vi viminfo vif viminfofile ve virtualedit vb visualbell warn wiv
weirdinvert ww whichwrap wc wildchar wcm wildcharm wig wildignore wic
wildignorecase wmnu wildmenu
-syn keyword vimOptionVarName contained wim wildmode wop wildoptions wak
winaltkeys wcr wincolor wi window wfb winfixbuf wfh winfixheight wfw
winfixwidth wh winheight whl winhighlight wmh winminheight wmw winminwidth
winptydll wiw winwidth wse wlseat wst wlsteal wtm wltimeoutlen wrap wm
wrapmargin ws wrapscan write wa writeany wb writebackup wd writedelay xtermcodes
+syn keyword vimOptionVarName contained mfd maxfuncdepth mmd maxmapdepth mm
maxmem mmp maxmempattern mmt maxmemtot msc maxsearchcount mis menuitems mopt
messagesopt msm mkspellmem ml modeline mle modelineexpr mls modelines mlst
modelinestrict ma modifiable mod modified more mouse mousef mousefocus mh
mousehide mousem mousemodel mousemev mousemoveevent mouses mouseshape mouset
mousetime mzq mzquantum mzschemedll mzschemegcdll nf nrformats nu number nuw
numberwidth ofu omnifunc odev opendevice opfunc operatorfunc ost osctimeoutlen
pp packpath para paragraphs paste pt pastetoggle pex patchexpr pm patchmode pa
path perldll pi preserveindent pvh previewheight pvp previewpopup pvw
previewwindow pdev printdevice penc printencoding pexpr printexpr pfn printfont
pheader printheader
+syn keyword vimOptionVarName contained pmbcs printmbcharset pmbfn printmbfont
popt printoptions prompt pb pumborder ph pumheight pmw pummaxwidth pumopt pw
pumwidth pythondll pythonhome pythonthreedll pythonthreehome pyx pyxversion
qftf quickfixtextfunc qe quoteescape ro readonly rdt redrawtime re regexpengine
rnu relativenumber remap rop renderoptions report rs restorescreen ri revins rl
rightleft rlc rightleftcmd rubydll ru ruler ruf rulerformat rtp runtimepath scr
scroll scb scrollbind scf scrollfocus sj scrolljump so scrolloff sbo scrollopt
sect sections secure sel selection slm selectmode ssop sessionoptions sh shell
shcf shellcmdflag sp shellpipe shq shellquote srr shellredir ssl shellslash
stmp shelltemp st shelltype sxe shellxescape sxq shellxquote sr shiftround
+syn keyword vimOptionVarName contained sw shiftwidth shm shortmess sn
shortname sbr showbreak sc showcmd sloc showcmdloc sft showfulltag sm showmatch
smd showmode stal showtabline stpl showtabpanel ss sidescroll siso
sidescrolloff scl signcolumn scs smartcase si smartindent sta smarttab sms
smoothscroll sts softtabstop spell spc spellcapcheck spf spellfile spl
spelllang spo spelloptions sps spellsuggest sb splitbelow spk splitkeep spr
splitright sol startofline stl statusline stlo statuslineopt su suffixes sua
suffixesadd swf swapfile sws swapsync swb switchbuf smc synmaxcol syn syntax
tcl tabclose tal tabline tpm tabpagemax tpl tabpanel tplo tabpanelopt ts
tabstop tbs tagbsearch tc tagcase tfu tagfunc tl taglength tr tagrelative tag
tags tgst tagstack tcldll
+syn keyword vimOptionVarName contained term tbidi termbidi tenc termencoding
tgc termguicolors trz termresize tsy termsync twk termwinkey twsl termwinscroll
tws termwinsize twt termwintype terse ta textauto tx textmode tw textwidth tsr
thesaurus tsrfu thesaurusfunc top tildeop to timeout tm timeoutlen title
titlelen titleold titlestring tb toolbar tbis toolbariconsize ttimeout ttm
ttimeoutlen tbi ttybuiltin tf ttyfast ttym ttymouse tsl ttyscroll tty ttytype
udir undodir udf undofile ul undolevels ur undoreload uc updatecount ut
updatetime vsts varsofttabstop vts vartabstop vbs verbose vfile verbosefile
vdir viewdir vop viewoptions vi viminfo vif viminfofile ve virtualedit vb
visualbell warn wiv weirdinvert ww whichwrap wc wildchar wcm wildcharm wig
wildignore
+syn keyword vimOptionVarName contained wic wildignorecase wmnu wildmenu wim
wildmode wop wildoptions wak winaltkeys wcr wincolor wi window wfb winfixbuf
wfh winfixheight wfw winfixwidth wh winheight whl winhighlight wmh winminheight
wmw winminwidth winptydll wiw winwidth wse wlseat wst wlsteal wtm wltimeoutlen
wrap wm wrapmargin ws wrapscan write wa writeany wb writebackup wd writedelay
xtermcodes
" GEN_SYN_VIM: vimOption term output code variable, START_STR='syn keyword
vimOptionVarName contained', END_STR=''
syn keyword vimOptionVarName contained t_AB t_AF t_AU t_AL t_al t_bc t_BE t_BD
t_cd t_ce t_Ce t_CF t_cl t_cm t_Co t_CS t_Cs t_cs t_CV t_da t_db t_DL t_dl t_ds
t_Ds t_EC t_EI t_fs t_fd t_fe t_GP t_IE t_IS t_ke t_ks t_le t_mb t_md t_me t_mr
t_ms t_nd t_op t_RF t_RB t_RC t_RI t_Ri t_RK t_RS t_RT t_RV t_Sb t_SC t_se t_Sf
t_SH t_SI t_Si t_so t_SR t_sr t_ST t_Te t_te t_TE t_ti t_TI t_Ts t_ts t_u7 t_ue
t_us t_Us t_ut t_vb t_ve t_vi t_VS t_vs t_WP t_WS t_XM t_xn t_xs t_ZH t_ZR t_8f
t_8b t_8u t_xo t_BS t_ES
syn keyword vimOptionVarName contained t_F1 t_F2 t_F3 t_F4 t_F5 t_F6 t_F7 t_F8
t_F9 t_k1 t_K1 t_k2 t_k3 t_K3 t_k4 t_K4 t_k5 t_K5 t_k6 t_K6 t_k7 t_K7 t_k8 t_K8
t_k9 t_K9 t_KA t_kb t_kB t_KB t_KC t_kd t_kD t_KD t_KE t_KF t_KG t_kh t_KH t_kI
t_KI t_KJ t_KK t_kl t_KL t_kN t_kP t_kr t_ku
diff --git a/src/option.c b/src/option.c
index ab1166098..46009341d 100644
--- a/src/option.c
+++ b/src/option.c
@@ -1543,6 +1543,44 @@ get_opt_op(char_u *arg)
return op;
}
+// Options that are allowed in a modeline when 'modelinestrict' is on.
+static char *modeline_whitelist[] =
+{
+ "autoindent",
+ "cindent",
+ "commentstring",
+ "expandtab",
+ "filetype",
+ "foldcolumn",
+ "foldenable",
+ "foldmethod",
+ "modifiable",
+ "readonly",
+ "rightleft",
+ "shiftwidth",
+ "smartindent",
+ "softtabstop",
+ "spell",
+ "spelllang",
+ "tabstop",
+ "textwidth",
+ "varsofttabstop",
+ "vartabstop",
+ NULL
+};
+
+/*
+ * Return TRUE if option "name" is in the modeline whitelist.
+ */
+ static bool
+is_modeline_whitelisted(char *name)
+{
+ for (int i = 0; modeline_whitelist[i] != NULL; i++)
+ if (STRCMP(name, modeline_whitelist[i]) == 0)
+ return true;
+ return false;
+}
+
/*
* Validate whether the value of the option in "opt_idx" can be changed.
* Returns FAIL if the option can be skipped or cannot be changed. Returns OK
@@ -1575,6 +1613,11 @@ validate_opt_idx(int opt_idx, int opt_flags, long_u
flags, char **errmsg)
*errmsg = e_not_allowed_in_modeline_when_modelineexpr_is_off;
return FAIL;
}
+ // When 'modelinestrict' is on, only whitelisted options may be
+ // set from a modeline. Silently skip others.
+ if (p_mlstr && opt_idx >= 0
+ && !is_modeline_whitelisted(options[opt_idx].fullname))
+ return FAIL;
#ifdef FEAT_DIFF
// In diff mode some options are overruled. This avoids that
// 'foldmethod' becomes "marker" instead of "diff" and that
diff --git a/src/option.h b/src/option.h
index 7165ea80c..6bf6169bb 100644
--- a/src/option.h
+++ b/src/option.h
@@ -807,6 +807,7 @@ EXTERN char_u *p_msm; // 'mkspellmem'
EXTERN int p_ml; // 'modeline'
EXTERN int p_mle; // 'modelineexpr'
EXTERN long p_mls; // 'modelines'
+EXTERN int p_mlstr; // 'modelinestrict'
EXTERN int p_ma; // 'modifiable'
EXTERN int p_mod; // 'modified'
EXTERN char_u *p_mouse; // 'mouse'
diff --git a/src/optiondefs.h b/src/optiondefs.h
index 9fd2fe5cd..38962790b 100644
--- a/src/optiondefs.h
+++ b/src/optiondefs.h
@@ -1785,6 +1785,9 @@ static struct vimoption options[] =
{"modelines", "mls", P_NUM|P_VI_DEF,
(char_u *)&p_mls, PV_NONE, NULL, NULL,
{(char_u *)5L, (char_u *)0L} SCTX_INIT},
+ {"modelinestrict", "mlst", P_BOOL|P_VI_DEF|P_SECURE,
+ (char_u *)&p_mlstr, PV_NONE, NULL, NULL,
+ {(char_u *)TRUE, (char_u *)0L} SCTX_INIT},
{"modifiable", "ma", P_BOOL|P_VI_DEF|P_NOGLOB,
(char_u *)&p_ma, PV_MA, did_set_modifiable, NULL,
{(char_u *)TRUE, (char_u *)0L} SCTX_INIT},
diff --git a/src/po/vim.pot b/src/po/vim.pot
index b2e3b0f64..b09ade556 100644
--- a/src/po/vim.pot
+++ b/src/po/vim.pot
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: Vim
"
"Report-Msgid-Bugs-To: [email protected]
"
-"POT-Creation-Date: 2026-04-07 19:50+0000
"
+"POT-Creation-Date: 2026-04-09 20:33+0000
"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE
"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>
"
"Language-Team: LANGUAGE <[email protected]>
"
@@ -10223,6 +10223,9 @@ msgstr ""
msgid "allow setting expression options from a modeline"
msgstr ""
+msgid "only allow safe options to be set from a modeline"
+msgstr ""
+
msgid "number of lines to check for modelines"
msgstr ""
diff --git a/src/testdir/test_fold.vim b/src/testdir/test_fold.vim
index c377a9573..d4b3a5093 100644
--- a/src/testdir/test_fold.vim
+++ b/src/testdir/test_fold.vim
@@ -1766,7 +1766,7 @@ func Test_foldtext_in_modeline()
bw!
endfunc
- set modeline modelineexpr
+ set modeline modelineexpr nomodelinestrict
call Check_foldtext_in_modeline('setlocal')
call Check_foldtext_in_modeline('set')
@@ -1792,7 +1792,7 @@ func Test_foldtext_in_modeline()
call assert_equal(['after'], readfile('Xmodelinefoldtext_write'))
bwipe!
- set modeline& modelineexpr&
+ set modeline& modelineexpr& modelinestrict&
delfunc ModelineFoldText
delfunc Check_foldtext_in_modeline
endfunc
@@ -1849,7 +1849,7 @@ func Test_foldexpr_in_modeline()
bw!
endfunc
- set modeline modelineexpr
+ set modeline modelineexpr nomodelinestrict
call Check_foldexpr_in_modeline('setlocal')
call Check_foldexpr_in_modeline('set')
@@ -1875,7 +1875,7 @@ func Test_foldexpr_in_modeline()
call assert_equal(['after'], readfile('Xmodelinefoldexpr_write'))
bwipe!
- set modeline& modelineexpr&
+ set modeline& modelineexpr& modelinestrict&
delfunc ModelineFoldExpr
delfunc Check_foldexpr_in_modeline
endfunc
diff --git a/src/testdir/test_indent.vim b/src/testdir/test_indent.vim
index c3f7953ca..c19be6328 100644
--- a/src/testdir/test_indent.vim
+++ b/src/testdir/test_indent.vim
@@ -195,7 +195,7 @@ endfunc
" Test for setting the 'indentexpr' from a modeline
func Test_modeline_indent_expr()
let modeline = &modeline
- set modeline
+ set modeline nomodelinestrict
func GetIndent()
return line('.') * 2
endfunc
@@ -206,7 +206,7 @@ func Test_modeline_indent_expr()
exe "normal Oa
b
"
call assert_equal([' a', ' b'], getline(1, 2))
- set modelineexpr&
+ set modelineexpr& modelinestrict&
delfunc GetIndent
let &modeline = modeline
bw!
diff --git a/src/testdir/test_modeline.vim b/src/testdir/test_modeline.vim
index 79fc7d14d..b78a4258f 100644
--- a/src/testdir/test_modeline.vim
+++ b/src/testdir/test_modeline.vim
@@ -47,7 +47,7 @@ endfunc
func Test_modeline_syntax()
call writefile(['vim: set syn=c :', 'nothing'], 'Xmodeline_syntax', 'D')
let modeline = &modeline
- set modeline
+ set modeline nomodelinestrict
syntax enable
split Xmodeline_syntax
call assert_equal("c", &syntax)
@@ -55,6 +55,7 @@ func Test_modeline_syntax()
bwipe!
let &modeline = modeline
+ set modelinestrict
syntax off
endfunc
@@ -62,13 +63,14 @@ func Test_modeline_keymap()
CheckFeature keymap
call writefile(['vim: set keymap=greek :', 'nothing'], 'Xmodeline_keymap',
'D')
let modeline = &modeline
- set modeline
+ set modeline nomodelinestrict
split Xmodeline_keymap
call assert_equal("greek", &keymap)
call assert_match('greek\|grk', b:keymap_name)
bwipe!
let &modeline = modeline
+ set modelinestrict
set keymap= iminsert=0 imsearch=-1
endfunc
@@ -145,7 +147,8 @@ endfunc
func Test_modeline_colon()
let modeline = &modeline
- set modeline
+ let modelinestrict = &modelinestrict
+ set modeline nomodelinestrict
call writefile(['// vim: set showbreak=\: ts=2: sw=2'], 'Xmodeline_colon',
'D')
edit Xmodeline_colon
@@ -159,6 +162,7 @@ func Test_modeline_colon()
call assert_equal(8, &sw)
let &modeline = modeline
+ let &modelinestrict = modelinestrict
endfunc
func s:modeline_fails(what, text, error)
@@ -170,7 +174,8 @@ func s:modeline_fails(what, text, error)
let fname = "Xmodeline_fails_" . a:what
call writefile(['vim: set ' . a:text . ' :', 'nothing'], fname, 'D')
let modeline = &modeline
- set modeline
+ let modelinestrict = &modelinestrict
+ set modeline nomodelinestrict
filetype plugin on
syntax enable
call assert_fails('split ' . fname, a:error)
@@ -179,6 +184,7 @@ func s:modeline_fails(what, text, error)
bwipe!
let &modeline = modeline
+ let &modelinestrict = modelinestrict
filetype plugin off
syntax off
endfunc
@@ -348,20 +354,23 @@ endfunc
" Some options cannot be set from the modeline when 'diff' option is set
func Test_modeline_diff_buffer()
+ set nomodelinestrict
call writefile(['vim: diff foldmethod=marker wrap'], 'Xmdifile', 'D')
set foldmethod& nowrap
new Xmdifile
call assert_equal('manual', &foldmethod)
call assert_false(&wrap)
set wrap&
+ set modelinestrict
bw
endfunc
func Test_modeline_disable()
- set modeline
+ set modeline nomodelinestrict
call writefile(['vim: sw=2', 'vim: nomodeline', 'vim: sw=3'],
'Xmodeline_disable', 'D')
edit Xmodeline_disable
call assert_equal(2, &sw)
+ set modelinestrict
endfunc
" If 'nowrap' is set from a modeline, '>' is used forcibly as lcs-extends.
@@ -373,6 +382,7 @@ func Test_modeline_nowrap_lcs_extends()
\ 'ddd vim: nowrap',
\ ], 'Xmodeline_nowrap', 'D')
set noequalalways
+ set nomodelinestrict
11new | 20vsplit
func Check_modeline_nowrap(expect_insecure, expect_secure, set_cmd)
@@ -493,4 +503,111 @@ func Test_modeline_nowrap_lcs_extends()
set equalalways&
endfunc
+func Test_modeline_strict_allowed()
+ let modeline = &modeline
+ set modeline modelinestrict
+
+ " Whitelisted options should work
+ call writefile(['vim: set ts=2 sw=4 et :'], 'Xmodeline_strict', 'D')
+ split Xmodeline_strict
+ call assert_equal(2, &ts)
+ call assert_equal(4, &sw)
+ call assert_equal(1, &et)
+ bwipe!
+
+ " 'filetype' should work
+ call writefile(['vim: set ft=python :'], 'Xmodeline_strict')
+ filetype plugin on
+ split Xmodeline_strict
+ call assert_equal("python", &filetype)
+ bwipe!
+ filetype plugin off
+
+ " 'spell' and 'spelllang' should work
+ call writefile(['vim: set spell spelllang=de :'], 'Xmodeline_strict')
+ split Xmodeline_strict
+ call assert_equal(1, &spell)
+ call assert_equal("de", &spelllang)
+ bwipe!
+
+ " 'foldmethod' should work
+ call writefile(['vim: set fdm=marker :'], 'Xmodeline_strict')
+ split Xmodeline_strict
+ call assert_equal("marker", &foldmethod)
+ bwipe!
+
+ " 'autoindent' and 'cindent' should work
+ call writefile(['vim: set ai cin :'], 'Xmodeline_strict')
+ split Xmodeline_strict
+ call assert_equal(1, &ai)
+ call assert_equal(1, &cin)
+ bwipe!
+
+ " 'textwidth'
+ call writefile(['vim: set tw=10 :'], 'Xmodeline_strict')
+ split Xmodeline_strict
+ call assert_equal(10, &textwidth)
+ bwipe!
+
+ let &modeline = modeline
+ set modelinestrict
+endfunc
+
+func Test_modeline_strict_blocked()
+ let modeline = &modeline
+ set modeline modelinestrict
+
+ " 'wrap' is not whitelisted, should be silently skipped
+ set wrap
+ call writefile(['vim: set nowrap :'], 'Xmodeline_strict_fail')
+ split Xmodeline_strict_fail
+ call assert_equal(1, &wrap)
+ bwipe!
+
+ " 'number' is not whitelisted, should be silently skipped
+ set nonumber
+ call writefile(['vim: set number :'], 'Xmodeline_strict_fail')
+ split Xmodeline_strict_fail
+ call assert_equal(0, &number)
+ bwipe!
+
+ " Whitelisted options still work alongside blocked ones
+ set wrap nonumber
+ call writefile(['vim: set nowrap ts=3 number :'], 'Xmodeline_strict_fail')
+ split Xmodeline_strict_fail
+ call assert_equal(1, &wrap)
+ call assert_equal(3, &ts)
+ call assert_equal(0, &number)
+ bwipe!
+
+ let &modeline = modeline
+endfunc
+
+func Test_modeline_strict_off()
+ let modeline = &modeline
+ set modeline nomodelinestrict
+
+ " With modelinestrict off, non-whitelisted options should work
+ call writefile(['vim: set number :'], 'Xmodeline_strict_off', 'D')
+ split Xmodeline_strict_off
+ call assert_equal(1, &number)
+ bwipe!
+
+ let &modeline = modeline
+ set modelinestrict&
+endfunc
+
+func Test_modeline_strict_cannot_be_set_from_modeline()
+ let modeline = &modeline
+ set modeline modelinestrict
+
+ " 'modelinestrict' itself cannot be set from a modeline (P_SECURE)
+ call writefile(['vim: set nomodelinestrict :'], 'Xmodeline_strict_ml', 'D')
+ call assert_fails('split Xmodeline_strict_ml', 'E520:')
+ call assert_equal(1, &modelinestrict)
+ bwipe!
+
+ let &modeline = modeline
+endfunc
+
" vim: shiftwidth=2 sts=2 expandtab
diff --git a/src/testdir/test_quickfix.vim b/src/testdir/test_quickfix.vim
index 5326c3dfb..69a4f6daf 100644
--- a/src/testdir/test_quickfix.vim
+++ b/src/testdir/test_quickfix.vim
@@ -2271,7 +2271,7 @@ func Test_switchbuf()
" If opening a file changes 'switchbuf', then the new value should be
" retained.
- set modeline&vim
+ set modeline&vim nomodelinestrict
call writefile(["vim: switchbuf=split"], 'Xqftestfile1', 'D')
enew | only
set switchbuf&vim
@@ -2290,7 +2290,7 @@ func Test_switchbuf()
call delete('Xqftestfile2')
call delete('Xqftestfile3')
- set switchbuf&vim
+ set switchbuf&vim modelinestrict
enew | only
endfunc
diff --git a/src/version.c b/src/version.c
index 657dc3f47..9aef76d65 100644
--- a/src/version.c
+++ b/src/version.c
@@ -734,6 +734,8 @@ static char *(features[]) =
static int included_patches[] =
{ /* Add new patch number below this line */
+/**/
+ 350,
/**/
349,
/**/
--
--
You received this message from the "vim_dev" maillist.
Do not top-post! Type your reply below the text you are replying to.
For more information, visit http://www.vim.org/maillist.php
---
You received this message because you are subscribed to the Google Groups
"vim_dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion visit
https://groups.google.com/d/msgid/vim_dev/E1wCizV-002hT9-3e%40256bit.org.
