Commit: patch 9.2.0405: when jumping to tags, will open URLs
4 views
Skip to first unread message
Christian Brabandt
Apr 27, 2026, 4:00:19 PM (22 hours ago) Apr 27
to vim...@googlegroups.com
patch 9.2.0405: when jumping to tags, will open URLs
Commit: https://github.com/vim/vim/commit/ae196b2d589562fbb3fcd64cd0cc33f052c6cf56
Author: Christian Brabandt <c...@256bit.org>
Date: Mon Apr 27 18:40:07 2026 +0000
patch 9.2.0405: when jumping to tags, will open URLs
Problem: when jumping to tags, will open URLs
(Srinivas Piskala Ganesh Babu)
Solution: Disallow trying to open remote files.
closes: #20068
Supported by AI
Signed-off-by: Christian Brabandt <c...@256bit.org>
diff --git a/runtime/doc/tags b/runtime/doc/tags
index 65edb2c31..6376edad2 100644
--- a/runtime/doc/tags
+++ b/runtime/doc/tags
@@ -4778,6 +4778,7 @@ E1572 options.txt /*E1572*
E1573 channel.txt /*E1573*
E1574 channel.txt /*E1574*
E1575 builtin.txt /*E1575*
+E1576 tagsrch.txt /*E1576*
E158 sign.txt /*E158*
E159 sign.txt /*E159*
E16 cmdline.txt /*E16*
diff --git a/runtime/doc/tagsrch.txt b/runtime/doc/tagsrch.txt
index eb2cb1b3f..cad4caf1a 100644
--- a/runtime/doc/tagsrch.txt
+++ b/runtime/doc/tagsrch.txt
@@ -579,6 +579,9 @@ ctags).
have an absolute or relative path. It may contain environment
variables and wildcards (although the use of wildcards is
doubtful). It cannot contain a <Tab>.
+ *E1576*
+ Using a remote file via network protocol (e.g. using
+ http://remote/file.txt) is not allowed.
{tagaddress} The Ex command that positions the cursor on the tag. It can
be any Ex command, although restrictions apply (see
|tag-security|). Posix only allows line numbers and search
diff --git a/src/errors.h b/src/errors.h
index 8ac627af6..c077118c6 100644
--- a/src/errors.h
+++ b/src/errors.h
@@ -3809,3 +3809,5 @@ EXTERN char e_gethostbyname_in_channel_listen[]
EXTERN char e_cannot_create_pipes[]
INIT(= N_("E1575: Cannot create pipes"));
#endif
+EXTERN char e_tag_file_entry_must_not_be_url[]
+ INIT(= N_("E1576: Tag file entry must not be a URL"));
diff --git a/src/po/vim.pot b/src/po/vim.pot
index e3206e871..8f43a89f7 100644
--- a/src/po/vim.pot
+++ b/src/po/vim.pot
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: Vim
"
"Report-Msgid-Bugs-To: vim...@vim.org
"
-"POT-Creation-Date: 2026-04-21 19:33+0000
"
+"POT-Creation-Date: 2026-04-27 18:39+0000
"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE
"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>
"
"Language-Team: LANGUAGE <L...@li.org>
"
@@ -8856,6 +8856,9 @@ msgstr ""
msgid "E1575: Cannot create pipes"
msgstr ""
+msgid "E1576: Tag file entry must not be a URL"
+msgstr ""
+
#. type of cmdline window or 0
#. result of cmdline window or 0
#. buffer of cmdline window or NULL
diff --git a/src/tag.c b/src/tag.c
index e10a83760..6861a44cf 100644
--- a/src/tag.c
+++ b/src/tag.c
@@ -4135,6 +4135,15 @@ expand_tag_fname(char_u *fname, char_u *tag_fname, int expand)
char_u *expanded_fname = NULL;
expand_T xpc;
+ // Refuse to follow URLs from tag files. Tag entries are expected
+ // to reference local source files; a URL would otherwise be passed
+ // to netrw and trigger a network request.
+ if (path_with_url(fname))
+ {
+ emsg(_(e_tag_file_entry_must_not_be_url));
+ return NULL;
+ }
+
/*
* Expand file name (for environment variables) when needed.
* Disallow backticks, they could execute arbitrary shell
diff --git a/src/testdir/test_tagjump.vim b/src/testdir/test_tagjump.vim
index c0fa7b02e..d0e18002b 100644
--- a/src/testdir/test_tagjump.vim
+++ b/src/testdir/test_tagjump.vim
@@ -1715,4 +1715,15 @@ func Test_tag_backtick_filename_not_expanded()
bwipe!
endfunc
+func Test_tagjump_refuse_url()
+ call writefile([
+ \ "XTagURL http://127.0.0.1:1/$XTAG_SECRET/file.c /^int main"
+ \ ], 'Xtags', 'D')
+ let save_tags = &tags
+ set tags=Xtags
+
+ call assert_fails('tag XTagURL', 'E1576:')
+ let &tags = save_tags
+endfunc
+
" vim: shiftwidth=2 sts=2 expandtab
diff --git a/src/version.c b/src/version.c
index ef0fd8afa..977996448 100644
--- a/src/version.c
+++ b/src/version.c
@@ -729,6 +729,8 @@ static char *(features[]) =
static int included_patches[] =
{ /* Add new patch number below this line */
+/**/
+ 405,
/**/
404,
/**/
Commit: https://github.com/vim/vim/commit/ae196b2d589562fbb3fcd64cd0cc33f052c6cf56
Author: Christian Brabandt <c...@256bit.org>
Date: Mon Apr 27 18:40:07 2026 +0000
patch 9.2.0405: when jumping to tags, will open URLs
Problem: when jumping to tags, will open URLs
(Srinivas Piskala Ganesh Babu)
Solution: Disallow trying to open remote files.
closes: #20068
Supported by AI
Signed-off-by: Christian Brabandt <c...@256bit.org>
diff --git a/runtime/doc/tags b/runtime/doc/tags
index 65edb2c31..6376edad2 100644
--- a/runtime/doc/tags
+++ b/runtime/doc/tags
@@ -4778,6 +4778,7 @@ E1572 options.txt /*E1572*
E1573 channel.txt /*E1573*
E1574 channel.txt /*E1574*
E1575 builtin.txt /*E1575*
+E1576 tagsrch.txt /*E1576*
E158 sign.txt /*E158*
E159 sign.txt /*E159*
E16 cmdline.txt /*E16*
diff --git a/runtime/doc/tagsrch.txt b/runtime/doc/tagsrch.txt
index eb2cb1b3f..cad4caf1a 100644
--- a/runtime/doc/tagsrch.txt
+++ b/runtime/doc/tagsrch.txt
@@ -579,6 +579,9 @@ ctags).
have an absolute or relative path. It may contain environment
variables and wildcards (although the use of wildcards is
doubtful). It cannot contain a <Tab>.
+ *E1576*
+ Using a remote file via network protocol (e.g. using
+ http://remote/file.txt) is not allowed.
{tagaddress} The Ex command that positions the cursor on the tag. It can
be any Ex command, although restrictions apply (see
|tag-security|). Posix only allows line numbers and search
diff --git a/src/errors.h b/src/errors.h
index 8ac627af6..c077118c6 100644
--- a/src/errors.h
+++ b/src/errors.h
@@ -3809,3 +3809,5 @@ EXTERN char e_gethostbyname_in_channel_listen[]
EXTERN char e_cannot_create_pipes[]
INIT(= N_("E1575: Cannot create pipes"));
#endif
+EXTERN char e_tag_file_entry_must_not_be_url[]
+ INIT(= N_("E1576: Tag file entry must not be a URL"));
diff --git a/src/po/vim.pot b/src/po/vim.pot
index e3206e871..8f43a89f7 100644
--- a/src/po/vim.pot
+++ b/src/po/vim.pot
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: Vim
"
"Report-Msgid-Bugs-To: vim...@vim.org
"
-"POT-Creation-Date: 2026-04-21 19:33+0000
"
+"POT-Creation-Date: 2026-04-27 18:39+0000
"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE
"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>
"
"Language-Team: LANGUAGE <L...@li.org>
"
@@ -8856,6 +8856,9 @@ msgstr ""
msgid "E1575: Cannot create pipes"
msgstr ""
+msgid "E1576: Tag file entry must not be a URL"
+msgstr ""
+
#. type of cmdline window or 0
#. result of cmdline window or 0
#. buffer of cmdline window or NULL
diff --git a/src/tag.c b/src/tag.c
index e10a83760..6861a44cf 100644
--- a/src/tag.c
+++ b/src/tag.c
@@ -4135,6 +4135,15 @@ expand_tag_fname(char_u *fname, char_u *tag_fname, int expand)
char_u *expanded_fname = NULL;
expand_T xpc;
+ // Refuse to follow URLs from tag files. Tag entries are expected
+ // to reference local source files; a URL would otherwise be passed
+ // to netrw and trigger a network request.
+ if (path_with_url(fname))
+ {
+ emsg(_(e_tag_file_entry_must_not_be_url));
+ return NULL;
+ }
+
/*
* Expand file name (for environment variables) when needed.
* Disallow backticks, they could execute arbitrary shell
diff --git a/src/testdir/test_tagjump.vim b/src/testdir/test_tagjump.vim
index c0fa7b02e..d0e18002b 100644
--- a/src/testdir/test_tagjump.vim
+++ b/src/testdir/test_tagjump.vim
@@ -1715,4 +1715,15 @@ func Test_tag_backtick_filename_not_expanded()
bwipe!
endfunc
+func Test_tagjump_refuse_url()
+ call writefile([
+ \ "XTagURL http://127.0.0.1:1/$XTAG_SECRET/file.c /^int main"
+ \ ], 'Xtags', 'D')
+ let save_tags = &tags
+ set tags=Xtags
+
+ call assert_fails('tag XTagURL', 'E1576:')
+ let &tags = save_tags
+endfunc
+
" vim: shiftwidth=2 sts=2 expandtab
diff --git a/src/version.c b/src/version.c
index ef0fd8afa..977996448 100644
--- a/src/version.c
+++ b/src/version.c
@@ -729,6 +729,8 @@ static char *(features[]) =
static int included_patches[] =
{ /* Add new patch number below this line */
+/**/
+ 405,
/**/
404,
/**/
Reply all
Reply to author
Forward
0 new messages