Max Nikulin writes: > Consider the following source block > > ---- >8 ---- > #+begin_src elisp :var a=(message "%s" "pwnd") > a > #+end_src > ---- 8< ---- > > Open the "*Messages*" buffer (C-h e) and try to evaluate the source > block (C-c C-c). > > Actual result: > "pwnd" message appears in "*Messages*" simultaneously with user prompt > whether the code should be executed. > > Expected result: > No code from the Org buffer and linked files is executed prior to > confirmation from the user. Confirmed. See the attached tentative patch. I tried to balance between annoying users with query and not evaluating unsafe code: '-quoted lists and symbols are still evaluated without prompt. Let me know if you see any potential issues.