Closed manishtomar closed 7 years ago
@@ master #721 diff @@
==========================================
Files 79 79
Lines 5564 5564
Methods 0 0
Messages 0 0
Branches 784 784
==========================================
Hits 5542 5542
Misses 10 10
Partials 12 12
Powered by Codecov. Last update 78a54c8...ba9fe65
I understand the desire for automatic project-specific configuration, but I really do not want to encourage the use of a horribly insecure plugin to achieve this. (vim
should not execute code from the current directory).
I feel a little bad closing this PR, since I agree the metadata is useful, but unless there's some way to make this type of execution safe, I feel like it would be irresponsible to add it to the project. So for now at least, closing.
Hmm. Since this file is only executed by the plugin wouldn't the developer have made the decision about its security before this file is actually executed?
@manishtomar My point isn't that Mimic might somehow subvert their security, but rather that I don't want to encourage this plugin's use, because it is doubtful that the developer has thoughtfully evaluated it. For example, would you expect cd Downloads/some-weird-thing; vi textfile.txt
to execute arbitrary code?
which comes into effect when opening any file in this directory. Currently, it only colors 105 column.