From f62f37d1ed8965eee954ad70794484bcc432de24 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Jo=C3=A3o=20T=C3=A1vora?= Date: Mon, 19 Nov 2018 23:16:33 +0000 Subject: [PATCH] Fix potential security issue fontifying lsp doc Previously, a server could mistankely or maliciously call *-mode functions by in the response to a completion or hover request, specifically in the :documentation field of the response. Although there are plenty of similar avenues of attack in Emacs, it's probably a good idea not to let LSP servers decide which functions to call in an Emacs session running Eglot. * eglot.el (eglot--format-markup): Call major-mode to fontify buffer, not some dynamically constructed function name. (eglot-completion-at-point): Ensure eglot--format-markup runs in source buffer. GitHub-reference: fix https://github.com/joaotavora/eglot/issues/154 --- lisp/progmodes/eglot.el | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/lisp/progmodes/eglot.el b/lisp/progmodes/eglot.el index c382c67e549..f4a02ac7a92 100644 --- a/lisp/progmodes/eglot.el +++ b/lisp/progmodes/eglot.el @@ -810,7 +810,7 @@ Doubles as an indicator of snippet support." (if (stringp markup) (list (string-trim markup) (intern "gfm-mode")) (list (plist-get markup :value) - (intern (concat (plist-get markup :language) "-mode" )))))) + major-mode)))) (with-temp-buffer (ignore-errors (funcall mode)) (insert string) (font-lock-ensure) (buffer-string)))) @@ -1585,11 +1585,13 @@ is not active." (get-text-property 0 'eglot--lsp-completion obj) :cancel-on-input t) - :documentation))))) - (when documentation + :documentation)))) + (formatted (and documentation + (eglot--format-markup documentation)))) + (when formatted (with-current-buffer (get-buffer-create " *eglot doc*") (erase-buffer) - (insert (eglot--format-markup documentation)) + (insert formatted) (current-buffer))))) :company-prefix-length (cl-some #'looking-back -- 2.39.2
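Review bot: With `major-mode` now read inside `eglot--format-markup`, the result depends on which buffer is current at the call site, and the docstring ("Format MARKUP according to LSP's spec.", going by the commit's description of the function) does not say so. Called from a non-source buffer, it would fontify with that buffer's mode, which is why the second hunk has to move the call out of `with-current-buffer`. I would add a docstring sentence such as `Must be called with the source buffer current; its major mode is used to fontify non-string MARKUP.` and check the remaining callers, which this diff does not show. Separately, `(ignore-errors (funcall mode))` runs the mode's hooks in the temp buffer for every documentation string; `(ignore-errors (delay-mode-hooks (funcall mode)))` would keep user hooks out of that path. The function's opening lines are outside the hunk.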
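Review bot: The new `formatted` binding has to be evaluated before `with-current-buffer` switches to " *eglot doc*", but nothing in the code records that ordering constraint. A later cleanup could fold the call back into `(insert ...)` and fontify with the doc buffer's mode without any visible error. A comment above the binding would protect it, for example `;; Format here, in the source buffer: eglot--format-markup reads major-mode.` This also assumes the completion frontend invokes the `:company-doc-buffer` function with the source buffer current, which cannot be confirmed from the hunk; the enclosing lambda begins outside it.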