Hi everyone,
Setting up my capture templates to work with a new Chrome extension, I noticed that when I mark some text containing %-escapes, inserted with the '%i' in the template, the %-escape was
evaluated.
For example, marking %(print (buffer-name)) will be replaced with
"*Capture*".
I am now wondering if this is intended or not and if this could be
used as a kind of exploit to run code if someone captures code
from a website.
Is there a way to prevent this? I thought about escaping the string, but I would have to change the Chrome extension. Or is it maybe possible to escape it somehow in the template?
Here is my template:
("p" "org-protocol-Ch-marked" entry (file refile-path)
"* %:description\n %U\n %:link\n #+BEGIN_QUOTE\n %i\n #+END_QUOTE" :immediate-finish t :empty-lines-after 1)
br,
Thomas
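
The behaviour reported in this message, modelled as an added example (not part of the original message and not Org's own code): an expander that splices captured text into the template and then evaluates %(sexp) over the result, next to a single-pass expander that never re-reads inserted text as template syntax. The function names, `toy_eval` (a stand-in for Lisp evaluation) and all field values are constructed assumptions; only the template string comes from the message.

```python
import re

# %(sexp) with at most one level of nested parentheses (enough for this demo).
SEXP = r"\((?:[^()]|\([^()]*\))*\)"
# Template tokens handled by this model: %(sexp), %:keyword, %i and %U.
TOKEN = re.compile(r"%(" + SEXP + r"|:[a-z]+|[iU])")

# Template string from the message; the field values are constructed samples.
TEMPLATE = "* %:description\n %U\n %:link\n #+BEGIN_QUOTE\n %i\n #+END_QUOTE"
FIELDS = {
    ":description": "Example page",
    ":link": "https://example.org/",
    "U": "[2024-01-01 Mon 00:00]",
    "i": "marked text %(print (buffer-name))",  # text selected on a web page
}

def toy_eval(form, log):
    """Stand-in for Lisp evaluation: record the form, return a marker string."""
    log.append(form)
    return "*Capture*" if form == "(print (buffer-name))" else "<evaluated>"

def expand_rescanning(template, fields):
    """Model of the reported behaviour: field values are spliced in first,
    then %(sexp) is evaluated over the combined text, captured text included."""
    log = []
    text = template
    for key, value in fields.items():
        text = text.replace("%" + key, value)
    text = re.sub("%(" + SEXP + ")", lambda m: toy_eval(m.group(1), log), text)
    return text, log

def expand_single_pass(template, fields):
    """Hardened variant: only the template itself is scanned. Substituted
    values are emitted verbatim and never parsed as template syntax."""
    log = []
    def repl(match):
        token = match.group(1)
        if token.startswith("("):          # %(sexp) written by the template author
            return toy_eval(token, log)
        return fields.get(token, match.group(0))
    return TOKEN.sub(repl, template), log

if __name__ == "__main__":
    for expand in (expand_rescanning, expand_single_pass):
        text, evaluated = expand(TEMPLATE, FIELDS)
        print(expand.__name__, "evaluated:", evaluated)
        print(text, end="\n\n")
```

The `evaluated` list is the thing to watch: any form in it that came from `FIELDS` rather than from `TEMPLATE` is page-controlled input reaching the evaluator.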