
[elpa] externals/compat a415c5f47a: compat-30: Update trusted-content-p


From: ELPA Syncer
Subject: [elpa] externals/compat a415c5f47a: compat-30: Update trusted-content-p
Date: Mon, 16 Dec 2024 12:58:00 -0500 (EST)

branch: externals/compat
commit a415c5f47a14355325d72a3bab8b62ddaebe0f10
Author: Daniel Mendler <mail@daniel-mendler.de>
Commit: Daniel Mendler <mail@daniel-mendler.de>

    compat-30: Update trusted-content-p
---
 compat-30.el | 41 ++++++++++++++++++-----------------------
 1 file changed, 18 insertions(+), 23 deletions(-)

diff --git a/compat-30.el b/compat-30.el
index 33305e3f88..fff2ddd3c8 100644
--- a/compat-30.el
+++ b/compat-30.el
@@ -80,30 +80,25 @@ all files, which opens a gaping security hole."
   "Return non-nil if we trust the contents of the current buffer.
 Here, \"trust\" means that we are willing to run code found inside of it.
 See also `trusted-content'."
-  ;; We compare with `buffer-file-truename' i.s.o `buffer-file-name'
-  ;; to try and avoid marking as trusted a file that's merely accessed
-  ;; via a symlink that happens to be inside a trusted dir.
   (and (not untrusted-content)
-       buffer-file-truename
-       (with-demoted-errors "trusted-content-p: %S"
-         (let ((exists (file-exists-p buffer-file-truename)))
-           (or
-            (eq trusted-content :all)
-            ;; We can't avoid trusting the user's init file.
-            (if (and exists user-init-file)
-                (file-equal-p buffer-file-truename user-init-file)
-              (equal buffer-file-truename user-init-file))
-            (let ((file (abbreviate-file-name buffer-file-truename))
-                  (trusted nil))
-              (dolist (tf trusted-content)
-                (when (or (if exists (file-equal-p tf file) (equal tf file))
-                          ;; We don't use `file-in-directory-p' here, because
-                          ;; we want to err on the conservative side: "guilty
-                          ;; until proven innocent".
-                          (and (string-suffix-p "/" tf)
-                               (string-prefix-p tf file)))
-                  (setq trusted t)))
-              trusted))))))
+       (or
+        (eq trusted-content :all)
+        (and
+         buffer-file-truename
+         (with-demoted-errors "trusted-content-p: %S"
+           (let ((exists (file-exists-p buffer-file-truename)))
+             (or
+              (if (and exists user-init-file)
+                  (file-equal-p buffer-file-truename user-init-file)
+                (equal buffer-file-truename user-init-file))
+              (let ((file (abbreviate-file-name buffer-file-truename))
+                    (trusted nil))
+                (dolist (tf trusted-content)
+                  (when (or (if exists (file-equal-p tf file) (equal tf file))
+                            (and (string-suffix-p "/" tf)
+                                 (string-prefix-p tf file)))
+                    (setq trusted t)))
+                trusted))))))))
 
 (compat-defun require-with-check (feature &optional filename noerror) ;; 
<compat-tests:require-with-check>
   "If FEATURE is not already loaded, load it from FILENAME.
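Review bot: The rewritten body drops all three rationale comments, yet the behaviour they explained is unchanged: the comparison still uses `buffer-file-truename`, and the directory match is still the `string-suffix-p`/`string-prefix-p` pair rather than `file-in-directory-p`. These are the lines a later cleanup is most likely to loosen into trusting a file reached through a symlink, so I would keep `;; Use buffer-file-truename, not buffer-file-name, so a symlink inside a trusted dir is not trusted.` above the outer `and`, and `;; Not file-in-directory-p: stay conservative, "guilty until proven innocent".` above the `string-suffix-p` test. The one behavioural change is that `(eq trusted-content :all)` is now tested before `buffer-file-truename`, so it also applies to buffers that visit no file. That deserves its own line, for example `;; :all also covers buffers that are not visiting a file.` The function's opening line is above the hunk, so this is based on the visible body only.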


