emacs-orgmode
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] ob-core: add org-confirm-babel-evaluate-cell custom variable

From: Max Nikulin
Subject: Re: [PATCH] ob-core: add org-confirm-babel-evaluate-cell custom variable
Date: Fri, 30 Dec 2022 18:10:22 +0700
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.4.2 
On 30/12/2022 15:52, Bastien wrote:

But are we sure that users need to confirm header args evaluation
separately from code blocks evaluation?
I do not think we need to confirm header arguments *separately*, but they should not be executed before asking users. It is not easy to implement request for header arguments in another way. 

Commit
10e857d42 2022-10-28 11:09:50 +0800 Ihor Radchenko: org-babel-read: Obey `org-confirm-babel-evaluate' 

was a reaction to
Max Nikulin. [BUG][Security] begin_src :var evaluated before the prompt to confirm execution. Thu, 27 Oct 2022 10:18:05 +0700. https://list.orgmode.org/tjct9e$179u$1@ciao.gmane.io
The latter partially was caused by demand to open arbitrary Org files downloaded from net in Emacs. 

https://debbugs.gnu.org/cgi/bugreport.cgi?bug=58774
[WISH]: Let us make EWW browse WWW Org files correctly
Accidental unsolicited code execution due to unintentional C-c C-c may be rather dangerous, it does not depend if it is source block body, header arguments, or table formula (the latter may still be activated by just TAB). Org-9.5 behavior is not ideal but at least acceptable for most of trusted (e.g. private) Org files.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]