From mboxrd@z Thu Jan 1 00:00:00 1970
From: Aaron Ecay
Subject: [PATCH 0/3] Safe local variable declarations
Date: Mon, 28 Oct 2013 16:19:00 -0400
Message-ID: <1382991543-14273-1-git-send-email-aaronecay@gmail.com>
To: emacs-orgmode@gnu.org

In , Klaus-Dieter pointed out that many export variables are not marked as safe locals, which makes it annoying to use them as file-local variables, especially in collaborative situations. Here are 3 patches that make a start at marking some variables safe, when they are in fact safe.

With respect to the LaTeX export variables specifically, there are many string variables that inject LaTeX code into the output (`org-latex-active-timestamp-format', to give just one example). Currently the patch takes a conservative approach, not touching these variables. LaTeX code can run arbitrary shell commands, *only if* the user passes a command line flag to latex to explicitly enable that functionality.
I think a decision has to be made about whether to allow these string variables to be marked as safe. There are two failsafes (the default-unsafe nature of these variables and the LaTeX command line switch); marking the variables as safe would remove one of them. But it would also lower the barrier to collaborating on reproducible documents significantly, I think.

Obviously, if people like this approach the other export backends and org-babel languages should be gone through and have safe variable predicates added to them.

Aaron Ecay (3):
  Mark ox-latex variables safe locals under proper conditions
  Mark some org-babel variables as safe locals under proper conditions
  mark o-b-default-header-args:R as a safe local under proper conditions

 lisp/ob-R.el     | 16 ++++++++++++++++
 lisp/ob-core.el  | 31 +++++++++++++++++++++++++++++++
 lisp/ox-latex.el | 18 ++++++++++++------
 3 files changed, 59 insertions(+), 6 deletions(-)

-- 
1.8.4.1
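
The two failsafes described in the message above, sketched in Emacs Lisp as an added example; it is not code from this patch series or from Org. The `demo-` variables and functions are hypothetical, the sample values are constructed, and the flag names checked are the shell-escape switches of common TeX distributions (`-shell-escape`, `-enable-write18`).

```elisp
;;; Added example, not from the patch series.  All `demo-' names are hypothetical.
(require 'seq)

(defvar demo-export-with-toc t
  "Hypothetical export option: nil, t, or a non-negative integer depth.")

(defvar demo-export-header-format "\\textit{%s}"
  "Hypothetical option whose string is copied verbatim into the LaTeX output.")

;; Failsafe 1: a constrained option gets a predicate that enumerates every
;; acceptable shape, so a file-local value is applied without a prompt.
(put 'demo-export-with-toc 'safe-local-variable
     (lambda (v) (or (booleanp v) (natnump v))))
;; The free-form string option gets no predicate, so Emacs keeps asking the
;; user before applying a file-local value for it.

(defun demo-classify (bindings)
  "Return (SYMBOL . SAFE-P) for each (SYMBOL . VALUE) pair in BINDINGS."
  (mapcar (lambda (b)
            (cons (car b) (and (safe-local-variable-p (car b) (cdr b)) t)))
          bindings))

;; Failsafe 2: the LaTeX command line must not enable shell escape.
(defun demo-shell-escape-commands (commands)
  "Return the members of COMMANDS (strings) that enable LaTeX shell escape."
  (seq-filter
   (lambda (cmd)
     (string-match-p
      "\\(?:^\\|[ \t]\\)--?\\(?:shell-escape\\|enable-write18\\)\\(?:[ \t]\\|$\\)"
      cmd))
   commands))

;; Constructed sample inputs: an integer depth, a string smuggled into the
;; constrained option, and a string for the option that has no predicate.
(demo-classify '((demo-export-with-toc . 2)
                 (demo-export-with-toc . "\\input{x}")
                 (demo-export-header-format . "\\textbf{%s}")))

;; Constructed command lines: one default-style, one with shell escape on.
(demo-shell-escape-commands
 '("pdflatex -interaction nonstopmode -output-directory %o %f"
   "pdflatex -shell-escape -interaction nonstopmode %f"))
```

Evaluating the two final forms in `*scratch*` shows which file-local bindings Emacs would apply silently and which configured commands remove the second failsafe.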