They finally did it. Microsoft has successfully over-engineered a text editor into a threat vector.
This CVE is an 8.8 severity RCE in Notepad of all things.
Apparently, the “innovation” of adding markdown support came with the ability of launching unverified protocols that load and execute remote files.
We have reached a point where the simple act of opening a .md file in a native utility can compromise your system.
I use EditPadLite and have done for a loong time. It has regex find and replace, is fast and you can tell it to display word wrapped or not, numbered lines or not, font, size, colours, syntax highlighting scheme, all based on file extensions. I have it as my default text editor and for all kinds of other files as well as text.
If I want to do major coding, I fire up the IDE and choose from my recent projects, but if I want to quickly edit some xml or a single source file, I double click it and edit it in EditPadLite.
This is the first I’ve heard of EditPadLite. From a cursory examination of their site, it appears to be written with the same general design philosophy as Metapad, albeit not as low profile. I’ll give it a tentative thumbs up.
The EditPadLite download is 18mb. My copy of Metapad is 190k. Small and fast.
The only time it’s ever in the least bit slow to load is when it’s on a onedrive folder at work and Microsoft don’t cache it locally so there’s a delay getting the thing in the first place.
Does metapad have regex find and replace? If so, smaller and even faster is appealing.
The find and replace is based off of the Notepad interface.
It does support searching for newlines and such, but it doesn’t look like it does full regex.
Ah. I use regex replace every week with matching substrings a good few times a month. It’s not any slower to load than notepad and considerably less annoying.