Ihor Radchenko writes: > If necessary, we can introduce a special variable in Org mode that will > disable all the potential third-party code evaluation, even if user has > customized Org to execute code without prompt. If that would be part of org-mode, this would be close to a safe-org-mode. An important part in what I wrote about safe-org-mode is that it has to ensure that what is shown cannot trick the user into thinking something else would get run. A way to reduce risk would be to introduce a domain-allow-list (or prefix-allow-list) in eww for filetypes that could be unsafe, so you could for example add "orgmode.org" to your allowlist and for those domains org-files would auto-open in org-mode. Such security risks have a tendency of getting weaponized down the road when they really hurt. Like when people didn’t care about npm dependencies and had them suddenly deleting their files. And opening in the currently used Emacs may give a malicious file access to remote files opened via tramp, even if you (by virtue of being careful) require a password for the connection to sensitive servers. That way, running something in Emacs can be even more dangerous than running it in the shell. Best wishes, Arne -- Unpolitisch sein heißt politisch sein, ohne es zu merken. draketo.de