list of all script files that
have been sourced. There is also the `getscriptinfo()` function, but the
information returned is not exactly the same. In case you need to manipulate
the output of `scriptnames` this code can be used: >
" Get the output of ":scriptnames" in the scriptnames_output variable.
let scriptnames_output = ''
redir => scriptnames_output
silent scriptnames
redir END
" Split the output into lines and parse each line. Add an entry to the
" "scripts" dictionary.
let scripts = {}
for line in split(scriptnames_output, "\n")
" Only do non-blank lines.
if line =~ '\S'
" Get the first number in the line.
let nr = matchstr(line, '\d\+')
" Get the file name, remove the script number " 123: ".
let name = substitute(line, '.\+:\s*', '', '')
" Add an item to the Dictionary
let scripts[nr] = name
endif
endfor
unlet scriptnames_output
==============================================================================
The sandbox *eval-sandbox* *sandbox*
The 'foldexpr', 'formatexpr', 'includeexpr', 'indentexpr', 'statusline' and
'foldtext' options may be evaluated in a sandbox. This means that you are
protected from these expressions having nasty side effects. This gives some
safety for when these options are set from a modeline. It is also used when
the command from a tags file is executed and for CTRL-R = in the command line.
The sandbox is also used for the |:sandbox| command.
*E48*
These items are not allowed in the sandbox:
- changing the buffer text
- defining or changing mapping, autocommands, user commands
- setting certain options (see |option-summary|)
- setting certain v: variables (see |v:var|) *E794*
- executing a shell command
- reading or writing a file
- jumping to another buffer or editing a file
- executing Python, Perl, etc. commands
This is not guaranteed 100% secure, but it should block most attacks.
*:san* *:sandbox*
:san[dbox] {cmd} Execute {cmd} in the sandbox. Useful to evaluate an
option that may have been set from a modeline, e.g.
'foldexpr'.
*sandbox-option*
A few options contain an expression. When this expression is evaluated it may
have to be done in the sandbox to avoid a security risk. But the sandbox is
restrictive, thus this only happens when the option was set from an insecure
location. Insecure in this context are:
- sourcing a .nvimrc or .exrc in the current directory
- while executing in the sandbox
- value coming from a modeline
- executing a function that was defined in the sandbox
Note that when in the sandbox and saving an option value and restoring it, the
option will still be marked as it was set in the sandbox.
==============================================================================
Textlock *textlock*
In a few situations it is not allowed to change the text in the buffer, jump
to another window and some other things that might confuse or break what Vim
is currently doing. This mostly applies to things that happen when Vim is
actually doing something else. For example, a TextYankPost autocommand cannot
edit the text it is yanking.
This is not allowed when the textlock is active:
- changing the buffer text
- jumping to another buffer or window
- editing another file
- closing a window or quitting Vim
- etc.
==============================================================================
Vim script library *vim-script-library*
Vim comes bundled with a Vim script library, that can be used by runtime,
script authors. Currently, it only includes very few functions, but it may
grow over time.
*dist#vim*
The functions make use of the autoloaded prefix "dist#vim".
The following functions are available:
dist#vim#IsSafeExecutable(filetype, executable) ~
This function takes a filetype and an executable and checks whether it is safe
to execute the given executable. For security reasons users may not want to
have Vim execute random executables