From 3e60f03d942d6bb0f7eac61b149e83615518cec0 Mon Sep 17 00:00:00 2001
From: Christian Brabandt <cb@256bit.org>
Date: Wed, 1 Apr 2026 14:28:53 +0000
Subject: runtime(netrw): use fnameescape() with FileUrlEdit()

Signed-off-by: Christian Brabandt <cb@256bit.org>
---
 src/testdir/test_plugin_netrw.vim | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'src/testdir')

diff --git a/src/testdir/test_plugin_netrw.vim b/src/testdir/test_plugin_netrw.vim
index ced6284197..478908824b 100644
--- a/src/testdir/test_plugin_netrw.vim
+++ b/src/testdir/test_plugin_netrw.vim
@@ -595,4 +595,12 @@ func Test_netrw_hostname()
   endfor
 endfunc
 
+func Test_netrw_FileUrlEdit_pipe_injection()
+  CheckExecutable id
+  let fname = 'Xtestfile'
+  let url = 'file:///tmp/file.md%7C!id>'..fname
+  sil call netrw#FileUrlEdit(url)
+  call assert_false(filereadable(fname), 'Command injection via pipe in file URL')
+endfunc
+
 " vim:ts=8 sts=2 sw=2 et
-- 
cgit 0.0.5-2-1-g0f52