From: Ihor Radchenko <yantar92@posteo.net>
To: "Rudolf Adamkovič" <salutis@me.com>
Cc: emacs-orgmode@gnu.org
Subject: [PATCH] Re: [BUG] Make org-html-htmlize-output-type safe [9.5.2 (release_9.5.2-9-g7ba24c @ /Users/salutis/src/emacs/nextstep/Emacs.app/Contents/Resources/lisp/org/)]
Date: Mon, 17 Oct 2022 12:47:18 +0000 [thread overview]
Message-ID: <87k04ypqg9.fsf@localhost> (raw)
In-Reply-To: <m28ruxklo5.fsf@me.com>
[-- Attachment #1: Type: text/plain, Size: 620 bytes --]
Rudolf Adamkovič <salutis@me.com> writes:
> In some of my notes, I have the following line:
>
> # -*- org-html-htmlize-output-type: nil -*-
>
> Every time I open such a file, Emacs wants me to confirm that doing so
> poses no security risk. Could we perhaps make this variable safe?
Can be done. Like in the attached patch.
However, note that Emacs will still want about buffer-local setting if
ox-html is not loaded.
The same will happen with any other "safe" variable defined in Org
libraries that are not loaded by default.
I am wondering if we should add autoload cookies to such variables.
[-- Attachment #2: 0001-org-html-htmlize-output-type-Mark-safe-as-buffer-loc.patch --]
[-- Type: text/x-patch, Size: 1343 bytes --]
From 5779ce5f5a05aa4e4f76d85eae1c1e324a77dea2 Mon Sep 17 00:00:00 2001
Message-Id: <5779ce5f5a05aa4e4f76d85eae1c1e324a77dea2.1666010682.git.yantar92@posteo.net>
From: Ihor Radchenko <yantar92@posteo.net>
Date: Mon, 17 Oct 2022 20:43:59 +0800
Subject: [PATCH] org-html-htmlize-output-type: Mark safe as buffer-local
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* lisp/ox-html.el (org-html-htmlize-output-type): This variable is
safe to set buffer-locally as a symbol.
Reported-by: Rudolf Adamkovič <salutis@me.com>
Link: https://orgmode.org/list/m28ruxklo5.fsf@me.com
---
lisp/ox-html.el | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/lisp/ox-html.el b/lisp/ox-html.el
index cad06aebf..c34711d1e 100644
--- a/lisp/ox-html.el
+++ b/lisp/ox-html.el
@@ -897,7 +897,8 @@ (defcustom org-html-htmlize-output-type 'inline-css
in all modes you want. Then, use the command
`\\[org-html-htmlize-generate-css]' to extract class definitions."
:group 'org-export-html
- :type '(choice (const css) (const inline-css) (const nil)))
+ :type '(choice (const css) (const inline-css) (const nil))
+ :safe #'symbolp)
(defcustom org-html-htmlize-font-prefix "org-"
"The prefix for CSS class names for htmlize font specifications."
--
2.35.1
[-- Attachment #3: Type: text/plain, Size: 224 bytes --]
--
Ihor Radchenko // yantar92,
Org mode contributor,
Learn more about Org mode at <https://orgmode.org/>.
Support Org development at <https://liberapay.com/org-mode>,
or support my work at <https://liberapay.com/yantar92>
next prev parent reply other threads:[~2022-10-17 12:49 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-01-30 20:34 [BUG] Make org-html-htmlize-output-type safe [9.5.2 (release_9.5.2-9-g7ba24c @ /Users/salutis/src/emacs/nextstep/Emacs.app/Contents/Resources/lisp/org/)] Rudolf Adamkovič
2022-10-17 12:47 ` Ihor Radchenko [this message]
2022-11-11 3:33 ` [PATCH] " Ihor Radchenko
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.orgmode.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87k04ypqg9.fsf@localhost \
--to=yantar92@posteo.net \
--cc=emacs-orgmode@gnu.org \
--cc=salutis@me.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs/org-mode.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).