Re: Unsafe file variables...

[Kim F. Storm]

address@hidden (Kim F. Storm) writes:

> David Kastrup <address@hidden> writes:
> 
> > Ok, I have had an idea which might be stupid or not.  And it might
> > also have political implications which I am too stupid to see.  I just
> > want to put it out.
> > 
> > Emacs warns about potentially unsafe file variables and stuff, like
> > 
> > ;;; Local variables:
> > ;;; eval: (put 'preview-defmacro 'lisp-indent-function 'defun)
> > ;;; end:
> > 
> > Now it is a nuisance to get this question each time, and it is not
> > feasible to disable the question permanently due to security reasons.
> 
> There is already a simple solution to this in CVS emacs:
> 
> Just add it to safe-local-eval-forms (e.g. via customize).

I just checked that this _is_ documented in NEWS, but it is also
marked so that is NOT added to the emacs manual (---).

IMO, this is a very useful feature which should not be hidden to users.

What about adding this to custom.texi:

*** custom.texi 02 Nov 2003 08:01:02 +0100      1.60
--- custom.texi 05 Apr 2004 04:23:05 +0200      
***************
*** 1060,1065 ****
--- 1060,1071 ----
  neither @code{t} nor @code{nil}, so normally Emacs does ask for
  confirmation about file settings for these variables.
  
+ @findex safe-local-eval-forms
+   The @code{safe-local-eval-forms} is a customizable list of eval
+ forms which are safe to eval, so Emacs should not ask for
+ confirmation to evaluate these forms, even if
+ @code{enable-local-variables} says to ask for confirmation in general.
+ 
  @node Key Bindings
  @section Customizing Key Bindings
  @cindex key bindings


-- 
Kim F. Storm <address@hidden> http://www.cua.dk