Make project-local exrc opt-in (#63)

`set exrc` causes Vim to source `.vimrc`/`.exrc` from the current
working directory, which is a wider blast radius than the default
should accept for a config aimed at SSH/shared-host workflows.
`set secure` mitigates the most dangerous behaviors but still allows
arbitrary buffer state changes from an untrusted CWD.

Gate both behind `g:chopsticks_enable_exrc` (default off), following the
existing opt-in convention used for jk escape, Ctrl-S save, auto-pairs,
terminal keymaps, and completion keymaps.

Closes #62
m1ngsama 2026-05-16 23:00:44 +08:00 committed by GitHub
parent 8a36b41d66
commit fc872918a1
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 18 additions and 2 deletions


@ -33,6 +33,9 @@
### Changed
- `set exrc`/`set secure` are now opt-in via `g:chopsticks_enable_exrc = 1`;
Vim no longer sources project-local `.vimrc`/`.exrc` from the working
directory by default
- `,?` cheat sheet is now profile-aware and hides LSP/ALE/preview/UndoTree keys
when those features are disabled
- Module reload/source paths now use `fnameescape()` so installs in paths with


@ -87,6 +87,7 @@ let g:chopsticks_enable_sudo_save_bang = 1 " optional: :w!! sudo save
let g:chopsticks_enable_completion_keymaps = 1 " optional: Tab/Enter completion
let g:chopsticks_enable_auto_pairs = 1 " optional: automatic pair insertion
let g:chopsticks_enable_terminal_keymaps = 1 " optional: terminal Esc/Ctrl navigation
let g:chopsticks_enable_exrc = 1 " optional: source project-local .vimrc/.exrc from CWD
```
`minimal` avoids LSP, ALE, completion plugins, extra language syntax plugins,


@ -183,8 +183,10 @@ endif
" ── Project-Local Config ────────────────────────────────────────────────────
if get(g:, 'chopsticks_enable_exrc', 0)
set exrc
set secure
endif
set sessionoptions=blank,buffers,curdir,folds,help,tabpages,winsize,winpos,terminal
if has("patch-8.1.0360")
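Review bot: The opt-in block sets `secure` without recording its limits: per `:help 'secure'`, on Unix the option only takes effect when the `.vimrc`/`.exrc` in the working directory is not owned by the current user, so a file in a tree the user cloned or unpacked themselves is sourced without restrictions. A comment above `set exrc` should say so, for example `" NOTE: on Unix 'secure' only restricts files not owned by you; enable only in trees you trust`. Since `secure` is harmless while `exrc` is off, it could also stay outside the `if` so that anyone who turns `exrc` on by another route keeps it; the default-off assertion in the check script would then test `&exrc` only. The `if`/`endif` block is complete in this hunk, but the rest of the file is not visible here.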


@ -236,6 +236,16 @@ check_vim() {
-c 'if has("terminal") && (maparg("<Esc><Esc>", "t") !~# "<C-\\\\><C-N>" || maparg("<C-h>", "t") !~# "<C-W>h" || maparg("<C-j>", "t") !~# "<C-W>j" || maparg("<C-k>", "t") !~# "<C-W>k" || maparg("<C-l>", "t") !~# "<C-W>l") | cquit | endif' \
-c 'qa!' 2>&1
XDG_CONFIG_HOME="$EMPTY_XDG" vim -u .vimrc -i NONE -es -N \
-c 'if &exrc || &secure | cquit | endif' \
-c 'qa!' 2>&1
XDG_CONFIG_HOME="$EMPTY_XDG" vim -u NONE -i NONE -es -N \
-c 'let g:chopsticks_enable_exrc = 1' \
-c 'source .vimrc' \
-c 'if !&exrc || !&secure | cquit | endif' \
-c 'qa!' 2>&1
XDG_CONFIG_HOME="$EMPTY_XDG" vim -u .vimrc -i NONE -es -N \
-c 'silent! delcommand LspStatus' \
-c 'silent! delcommand LspInstallServer' \
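Review bot: Both new invocations assert only the values of `&exrc` and `&secure`; neither shows that a `.vimrc`/`.exrc` in the working directory is actually left unsourced by default. As far as I can tell from `:help initialization`, starting Vim with `-u` skips the current-directory exrc step altogether, so these commands could not observe that behaviour either way. A comment saying so would keep the check from being read as a behavioural guarantee, e.g. `# checks option values only; -u bypasses project-local sourcing`. A third case with `-c 'let g:chopsticks_enable_exrc = 0'` before `source .vimrc` would also exercise the guard with the variable explicitly defined. `check_vim` starts and continues outside this hunk, so how the exit status of these commands is collected is not visible here.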