emacs-orgmode@gnu.org archives
From: Ihor Radchenko <yantar92@posteo.net>
To: "Rudolf Adamkovič" <salutis@me.com>
Cc: emacs-orgmode@gnu.org
Subject: [PATCH] Re: [BUG] Make org-html-htmlize-output-type safe [9.5.2 (release_9.5.2-9-g7ba24c @ /Users/salutis/src/emacs/nextstep/Emacs.app/Contents/Resources/lisp/org/)]
Date: Mon, 17 Oct 2022 12:47:18 +0000
Message-ID: <87k04ypqg9.fsf@localhost>
In-Reply-To: <m28ruxklo5.fsf@me.com>

[-- Attachment #1: Type: text/plain, Size: 620 bytes --]

Rudolf Adamkovič <salutis@me.com> writes:

> In some of my notes, I have the following line:
> # -*- org-html-htmlize-output-type: nil -*-
> Every time I open such a file, Emacs wants me to confirm that doing so
> poses no security risk.  Could we perhaps make this variable safe?

Can be done. Like in the attached patch.
However, note that Emacs will still warn about the buffer-local setting if
ox-html is not loaded.

The same will happen with any other "safe" variable defined in Org
libraries that are not loaded by default.

I am wondering if we should add autoload cookies to such variables.

[-- Attachment #2: 0001-org-html-htmlize-output-type-Mark-safe-as-buffer-loc.patch --]
[-- Type: text/x-patch, Size: 1343 bytes --]

From 5779ce5f5a05aa4e4f76d85eae1c1e324a77dea2 Mon Sep 17 00:00:00 2001
Message-Id: <5779ce5f5a05aa4e4f76d85eae1c1e324a77dea2.1666010682.git.yantar92@posteo.net>
From: Ihor Radchenko <yantar92@posteo.net>
Date: Mon, 17 Oct 2022 20:43:59 +0800
Subject: [PATCH] org-html-htmlize-output-type: Mark safe as buffer-local
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* lisp/ox-html.el (org-html-htmlize-output-type): This variable is
safe to set buffer-locally as a symbol.

Reported-by: Rudolf Adamkovič <salutis@me.com>
Link: https://orgmode.org/list/m28ruxklo5.fsf@me.com
 lisp/ox-html.el | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lisp/ox-html.el b/lisp/ox-html.el
index cad06aebf..c34711d1e 100644
--- a/lisp/ox-html.el
+++ b/lisp/ox-html.el
@@ -897,7 +897,8 @@ (defcustom org-html-htmlize-output-type 'inline-css
 in all modes you want.  Then, use the command
 `\\[org-html-htmlize-generate-css]' to extract class definitions."
   :group 'org-export-html
-  :type '(choice (const css) (const inline-css) (const nil)))
+  :type '(choice (const css) (const inline-css) (const nil))
+  :safe #'symbolp)
 (defcustom org-html-htmlize-font-prefix "org-"
   "The prefix for CSS class names for htmlize font specifications."

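Review bot: `:safe #'symbolp` on the added line accepts every symbol as a file-local value, while the `:type` directly above it admits only `css`, `inline-css` and `nil`. Consider a predicate limited to those three, for example `:safe (lambda (x) (memq x '(css inline-css nil)))`, so that a file cannot silently set a value outside the documented choices. The commit message's "safe to set buffer-locally as a symbol" would then need to name the allowed symbols.
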
[-- Attachment #3: Type: text/plain, Size: 224 bytes --]

Ihor Radchenko // yantar92,
Org mode contributor,
Learn more about Org mode at <https://orgmode.org/>.
Support Org development at <https://liberapay.com/org-mode>,
or support my work at <https://liberapay.com/yantar92>
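
How the confirmation prompt discussed in the message above comes about, as an added example that is not part of the original message or of Org's code. The `demo-` variable and functions are hypothetical stand-ins; only `safe-local-variable-p` and the `safe-local-variable` property are Emacs's own.

```emacs-lisp
;;; Added example; `demo-' names are hypothetical and not part of Org.

(defvar demo-output-type 'inline-css
  "Stand-in for an option whose defining library may not be loaded yet.")

(defun demo-output-type-safe-p (value)
  "Return non-nil only for the values the option's :type lists."
  (and (memq value '(css inline-css nil)) t))

(defun demo-file-local-verdict (symbol value)
  "Say how Emacs treats SYMBOL set to VALUE in a file-local variables line.
Emacs applies the value without asking only when `safe-local-variable-p'
returns non-nil; with the default `enable-local-variables' the user is
otherwise asked to confirm."
  (cond ((safe-local-variable-p symbol value) 'applied-silently)
        ((get symbol 'safe-local-variable) 'prompt-predicate-rejected)
        (t 'prompt-no-predicate)))

(defun demo-run ()
  "Walk through the three states and return the verdicts as a list."
  (let (results)
    ;; State 1: defining library not loaded, so no predicate is registered.
    (put 'demo-output-type 'safe-local-variable nil)
    (push (demo-file-local-verdict 'demo-output-type nil) results)
    ;; State 2: what `:safe #'symbolp' in a defcustom registers on load.
    (put 'demo-output-type 'safe-local-variable #'symbolp)
    (push (demo-file-local-verdict 'demo-output-type 'unexpected) results)
    (push (demo-file-local-verdict 'demo-output-type "css") results)
    ;; State 3: a predicate limited to the documented choices.
    (put 'demo-output-type 'safe-local-variable #'demo-output-type-safe-p)
    (push (demo-file-local-verdict 'demo-output-type 'css) results)
    (push (demo-file-local-verdict 'demo-output-type 'unexpected) results)
    (nreverse results)))

;; An autoload cookie registers the predicate before the library loads.
;; The usual form is a `put' on the same line as the cookie, e.g.:
;;   ;;;###autoload (put 'demo-output-type 'safe-local-variable #'symbolp)

(message "%S" (demo-run))
```

Evaluate the block in a scratch buffer or with `emacs --batch -l`; the printed list shows which of the five settings would be applied without a prompt.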


Thread overview: 3+ messages
2022-01-30 20:34 [BUG] Make org-html-htmlize-output-type safe [9.5.2 (release_9.5.2-9-g7ba24c @ /Users/salutis/src/emacs/nextstep/Emacs.app/Contents/Resources/lisp/org/)] Rudolf Adamkovič
2022-10-17 12:47 ` Ihor Radchenko [this message]
2022-11-11  3:33   ` [PATCH] " Ihor Radchenko
