runtime(doc): clarify that viminfo file should be trusted

Signed-off-by: Christian Brabandt <cb@256bit.org>

diff --git a/runtime/doc/options.txt b/runtime/doc/options.txt
index e994d2901ef8f930f7eff22bfe20a2c46ed0962d..3576e174b76c5c6d5255e0ad1007b08b926c3b24 100644 (file)
--- a/runtime/doc/options.txt
+++ b/runtime/doc/options.txt
@@ -10041,6 +10041,14 @@ A jump table for the options with a short description can be found at |Q_op|.
                letter.  Thus "KEEPTHIS and "K_L_M" are stored, but "KeepThis"
                and "_K_L_M" are not.  Nested List and Dict items may not be
                read back correctly, you end up with an empty item.
+
+               Restoring |List|, |Dictionary| and |Tuple| variables is done by
+               parsing their textual form with the Vim expression evaluator.
+               Reading a viminfo file with "!" enabled is therefore only safe
+               when the file is trusted.  In particular, do not enable "!"
+               before reading a viminfo file you obtained from another user,
+               downloaded, or that is writable by another account.  See
+               also |viminfo-security|.
                                                        *viminfo-quote*
        "       Maximum number of lines saved for each register.  Old name of
                the '<' item, with the disadvantage that you need to put a

diff --git a/runtime/doc/starting.txt b/runtime/doc/starting.txt
index 46a47b7e2b91faf54451edc57af43a7756e5a1f1..816849fb9cde22894ee1fe01ca4f5372d570de2a 100644 (file)
--- a/runtime/doc/starting.txt
+++ b/runtime/doc/starting.txt
@@ -1,4 +1,4 @@
-*starting.txt* For Vim version 9.2.  Last change: 2026 Mar 17
+*starting.txt* For Vim version 9.2.  Last change: 2026 Apr 29
 
 
                  VIM REFERENCE MANUAL    by Bram Moolenaar
@@ -1573,6 +1573,24 @@ Session.  You could have several Session files, one for each project you are
 working on.  Viminfo and Session files together can be used to effectively
 enter Vim and directly start working in your desired setup. |session-file|
 
+                                                       *viminfo-security*
+A viminfo file written by Vim is plain text and contains Vim expressions for
+|List|, |Dictionary| and |Tuple| values.  When "!" is in 'viminfo' at the time
+Vim processes the file as a viminfo file, those expressions are evaluated.
+
+The default value of 'viminfo' does not include "!", so by default no
+expression evaluation happens.
+
+Opening a viminfo file in a buffer (e.g. with |:edit|) is harmless; Vim only
+displays the file contents.  The risk is letting Vim process an untrusted file
+through the viminfo machinery, which happens when:
+- |:rviminfo| is used on the file, or
+- 'viminfofile' is set to point at it, or
+- the file is placed at the path Vim already reads as viminfo
+  |viminfo-file-name|
+
+In any of those cases, do not have "!" in 'viminfo' if you do not trust it.
+
                                                        *viminfo-read*
 When Vim is started and the 'viminfo' option is non-empty, the contents of
 the viminfo file are read and the info can be used in the appropriate places.