bug#66485: 13.2.1; preview-scale-function should be safe for numberp

[Philipp G. Haselwarter]

If something bad happens when it's set to 10000 (I can't test this since I don't use preview) you could use a different predicate, e.g. (lambda (x) (and (numberp x) (> x 0.5) (< x 10)).

On Sun, 15 Oct 2023 at 13:13, David Kastrup <dak@gnu.org> wrote:

Arash Esbati <arash@gnu.org> writes:

> David Kastrup <dak@gnu.org> writes:
>
>> Arash Esbati <arash@gnu.org> writes:
>>
>>> I think this is a reasonable change.  What do others think?
>>
>> Iam not sure what happens if you put, say, 10000 in there.
>
> Maybe I'm missing the point, but how is this related to allowing
> `preview-scale-function' as a file local variable?

It is allowed as a file variable.  The setting is about when Emacs will
ask back before setting a variable to a possibly malicious value when
using Emacs as the application to view/edit externally provided files
from unverified sources.

And you can respond to that prompt by stating that a particular setting
should always be allowed in future.

> One could customize the variable globally to 10000 and the result
> would be the same?

Sure, but that is not an attack vector.  If someone has access to
customize, worrying about safety is already over.

> BTW, I don't know either what happens if one puts 10000 there.

The question is whether this should be enough of a worry to stop such
settings to take effect automatically.  I am not saying that it should,
just that this is the metric for making this change.

--
David Kastrup