Tuesday, March 28, 2017

Re: Security Risk: (was vim 'less.sh' script probs w/folds)

Christian Brabandt wrote:
> On Mon, 27 Mar 2017, L. A. Walsh wrote:
>> Why would you think it shouldn't be disabled? I.e.
>> how does it help emulate the file-pagers 'less' or 'more' while
>> providing syntax-coloring?
>
> Because less.vim does what Vim would do.
====
Here is the problem -- I am not using "less.vim"...

I type in (at the command prompt):
less.sh <filename>

I'm not directly using 'vim'... I'm using an included ".sh" file that
is supposed to allow syntax highlighting.


>
> How likely is it, that a non-vim user gets into contact with less.vim?
----
See above. No contact with less.vim was needed.

>
>> It seems that if anyone was using less.sh to display files,
>> as they would 'less' or 'more' (but w/syntax highlighting), then
>> having text being hidden would seem to be a potential security
>> risk, no?
>
> Where do you see a security risk? It is pretty obvious, that a fold is
> there, so it should be easy to disable it and then you see what is
> hidden behind a fold.
----
"What's a fold" (i.e. a vim-naive user using "less.sh"
to see syntax displayed for a file). No direct contact
with 'vim' is needed to run "less.sh".
>
> How about the attached patch?
---
I am still of the strong opinion that "less.sh", as used
from the command line, should try to achieve the *primary purpose*
it claims to have, namely:


2. Using Vim like less or more *less*

If you use the less or more program to view a file,
you don't get syntax highlighting. Thus you would like to use Vim
instead. You can do this by using the shell script
"$VIMRUNTIME/macros/less.sh".

...

----
I.e. I wanted "less" or "more" but with syntax highlighting.

I wasn't expecting a "vim-view" of my file, but a text-view
w/syntax highlighting.

Note... it also says (under :help less):

This shell script uses the Vim script "$VIMRUNTIME/macros/less.vim".
It sets up mappings to simulate the commands that
less supports. Otherwise, you can still use the Vim commands.

----
In regard to the 2nd sentence... it is also not
quite accurate: when I saw the folds, the
first thing I tried was 'zR' (which didn't work).



--
You received this message from the "vim_use" maillist.
Do not top-post! Type your reply below the text you are replying to.
For more information, visit http://www.vim.org/maillist.php
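The wrapper below is an added example, not the "$VIMRUNTIME/macros/less.sh" shipped with Vim or anything posted in this thread. It shows one way to get what the message asks for: Vim started as a pager with the less.vim mappings, but with folding switched off so no line of the viewed file is ever hidden. It assumes 'vim' is on PATH and that "$VIMRUNTIME/macros/less.vim" exists, as ':help less' states; the option names (foldenable, foldlevel, modeline, no_plugin_maps) are standard Vim ones. The 'fold_hints' helper and the sample file in the usage note are constructed for illustration.

```shell
#!/bin/sh
# Added example: a less-like pager built on Vim that never hides text.
# Not Vim's own macros/less.sh. Assumes 'vim' is on PATH and that
# $VIMRUNTIME/macros/less.vim exists (see ':help less').

# Options applied *after* less.vim has loaded:
#   nofoldenable  no fold is closed, whatever the filetype, syntax
#                 plugin or the user's vimrc tried to fold
#   foldlevel=99  if the reader re-enables folding with zi, every
#                 fold still starts open
PAGER_OPTS='set nofoldenable foldlevel=99'

# Modelines are read while the file is loaded, so 'nomodeline' must be
# set before that, i.e. with --cmd rather than -c. This stops the
# viewed file from re-enabling folding (or anything else) itself.
PRE_OPTS='set nomodeline | let no_plugin_maps = 1'

# Print the vim command line this wrapper runs, one argument per line,
# so it can be inspected (and tested) without starting vim.
vimless_cmd() {
    printf '%s\n' vim -R \
        --cmd "$PRE_OPTS" \
        -c 'runtime! macros/less.vim' \
        -c "$PAGER_OPTS" \
        "$@"
}

# Run it for real. With no file argument, read stdin like less does.
vimless() {
    if [ $# -eq 0 ]; then
        set -- -
    fi
    vim -R --cmd "$PRE_OPTS" \
        -c 'runtime! macros/less.vim' \
        -c "$PAGER_OPTS" "$@"
}

# Cheap pre-check for a file viewed with some other Vim-based pager:
# count lines carrying marker-fold delimiters ({{{ / }}}), the one
# kind of fold a file can request on its own. A non-zero count means
# "press zR (or :set nofoldenable) before trusting what you see".
fold_hints() {
    n=$(grep -c -F -e '{{{' -e '}}}' -- "$1" || true)
    echo "${n:-0}"
}
```

Usage: `vimless somefile.sh` pages the file; `vimless_cmd somefile.sh` only prints the argument list so you can see that 'nofoldenable' is in it; `fold_hints somefile.sh` prints how many marker-fold lines the file contains. Folding options are window-local, so the 'nofoldenable' here covers the file first opened; a filetype plugin may fold again if you move on to another file with ':n', at which point zR still opens everything.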