Commit: runtime(doc): clarify that viminfo file should be trusted


Christian Brabandt

Apr 29, 2026, 5:30:17 PM
to vim...@googlegroups.com
runtime(doc): clarify that viminfo file should be trusted

Commit: https://github.com/vim/vim/commit/e7e35b9e3866abcbb33eec789c85636671c86440
Author: Christian Brabandt <c...@256bit.org>
Date: Wed Apr 29 21:17:11 2026 +0000

runtime(doc): clarify that viminfo file should be trusted

Signed-off-by: Christian Brabandt <c...@256bit.org>

diff --git a/runtime/doc/options.txt b/runtime/doc/options.txt
index e994d2901..3576e174b 100644
--- a/runtime/doc/options.txt
+++ b/runtime/doc/options.txt
@@ -10041,6 +10041,14 @@ A jump table for the options with a short description can be found at |Q_op|.
letter. Thus "KEEPTHIS and "K_L_M" are stored, but "KeepThis"
and "_K_L_M" are not. Nested List and Dict items may not be
read back correctly, you end up with an empty item.
+
+ Restoring |List|, |Dictionary| and |Tuple| variables is done by
+ parsing their textual form with the Vim expression evaluator.
+ Reading a viminfo file with "!" enabled is therefore only safe
+ when the file is trusted. In particular, do not enable "!"
+ before reading a viminfo file you obtained from another user,
+ downloaded, or that is writable by another account. See
+ also |viminfo-security|.
*viminfo-quote*
" Maximum number of lines saved for each register. Old name of
the '<' item, with the disadvantage that you need to put a
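Review bot: The added sentence "do not enable "!" before reading a viminfo file ..." only covers turning the flag on, so a user who already has "!" in 'viminfo' from their vimrc is not told to take it out. Wording such as "make sure "!" is not in 'viminfo' when reading a viminfo file ..." would cover both cases. The list in the same sentence is also not parallel ("you obtained from another user, downloaded, or that is writable by another account"); "that you obtained from another user or downloaded, or that is writable by another account" reads cleanly.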
diff --git a/runtime/doc/starting.txt b/runtime/doc/starting.txt
index 46a47b7e2..816849fb9 100644
--- a/runtime/doc/starting.txt
+++ b/runtime/doc/starting.txt
@@ -1,4 +1,4 @@
-*starting.txt* For Vim version 9.2. Last change: 2026 Mar 17
+*starting.txt* For Vim version 9.2. Last change: 2026 Apr 29


VIM REFERENCE MANUAL by Bram Moolenaar
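Review bot: The "Last change" date is bumped here for starting.txt, but the options.txt part of this patch carries no matching header hunk. If the options.txt header does not already read 2026 Apr 29, it should be updated in the same commit.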
@@ -1573,6 +1573,24 @@ Session. You could have several Session files, one for each project you are
working on. Viminfo and Session files together can be used to effectively
enter Vim and directly start working in your desired setup. |session-file|

+ *viminfo-security*
+A viminfo file written by Vim is plain text and contains Vim expressions for
+|List|, |Dictionary| and |Tuple| values. When "!" is in 'viminfo' at the time
+Vim processes the file as a viminfo file, those expressions are evaluated.
+
+The default value of 'viminfo' does not include "!", so by default no
+expression evaluation happens.
+
+Opening a viminfo file in a buffer (e.g. with |:edit|) is harmless; Vim only
+displays the file contents. The risk is letting Vim process an untrusted file
+through the viminfo machinery, which happens when:
+- |:rviminfo| is used on the file, or
+- 'viminfofile' is set to point at it, or
+- the file is placed at the path Vim already reads as viminfo
+ |viminfo-file-name|
+
+In any of those cases, do not have "!" in 'viminfo' if you do not trust it.
+
*viminfo-read*
When Vim is started and the 'viminfo' option is non-empty, the contents of
the viminfo file are read and the info can be used in the appropriate places.
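Review bot: In the closing sentence "do not have "!" in 'viminfo' if you do not trust it", the pronoun "it" has no clear antecedent after the three-item list and can be read as referring to 'viminfo' itself; "if you do not trust the file" removes the ambiguity. The third list item also ends without punctuation and leaves the bare tag |viminfo-file-name| on its own line; "(see |viminfo-file-name|)." would match the "See also |viminfo-security|" style used in the options.txt hunk. Since the section tells readers not to have "!" set, it would help to show how to take it out, for example ":set viminfo-=!".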