On Tue, 21 Feb 2017, Aaron Ecay wrote:

> Hi Chuck,
>
> On 20 February 2017, "Charles C. Berry" wrote:
>
> [...]
>
>>
>> Allowing header args to be processed (as before) also allows for arbitrary
>> code to be executed. The point of setting ‘org-export-use-babel’ or
>> `org-export-babel-evaluate' to nil was to prevent this. For that reason
>> the former behavior was a bug.
>
> Iʼm not sure I agree that itʼs so simple. There are still ways to execute
> arbitrary code on export independently of babel (e.g. eval macros). The
> advice to use o-e-babel-evaluate for security was never (IMO) correct –
> the only properly secure way to export untrusted documents would involve
> some kind of sandboxing of the emacs executable.
>

Fair enough.

[snip]

>
> Taking a step back, I would ask what justifies o-e-b-eʼs existence at
> all. This thread demonstrates that itʼs not the right way to prevent
> babel blocks from executing on export. Itʼs also not a good solution to
> the security issue. Given the potential for confusion, Iʼd be in favor
> of deprecating it entirely unless thereʼs some compelling reason for it
> to exist that Iʼve overlooked.

In view of your point above about `eval' macros, I do not disagree.

Chuck.