bee_rider 3 days ago
Doesn’t vim also have some ability, easily abused, to put a script at the top of a file, and it’ll just run when you open the thing? This seems like a really useful functionality to have in the context where you actually do trust the files, but it is wildly insecure and an unexpected trapdoor, to have simple files executing things when you open them with a simple text editor…
taeric 3 days ago
Emacs has that, too. There are protections in that case, though. See: https://www.gnu.org/software/emacs/manual/html_node/emacs/Sa... Probably going to add similar protections here? Basically, I'd assume if it is your first time visiting a file, macros won't be expanded during autocompletion.
hollerith 3 days ago
That's a different potential vulnerability. I knew about that one (and had disabled the running of such scripts). I didn't know about this one till today. Helping me finish typing the name of a function or variable ("completion") is not the sort of thing I expected (till today) the maintainers of Emacs to be so eager to do that they'd start running code that I never asked to be run.
magic_smoke_ee 3 days ago
A common pitfall of IDE integration for dynamic languages is that it tends to execute the code under test to provide contextual completion or may decide to run doctests, etc. This has been/is a problem with editing Ruby code, and perhaps Python code and more too. I'm unsure if this is a problem editing vimscript or lua with NeoVim; the only non-evidence is that I haven't heard of it.