From: Max Nikulin <manikulin@gmail.com>
To: emacs-orgmode@gnu.org
Subject: Re: Lazy load of org-protocol
Date: Sun, 6 Feb 2022 23:42:11 +0700 [thread overview]
Message-ID: <stotp5$lfe$1@ciao.gmane.io> (raw)
In-Reply-To: <9b140f0a-c75e-cf00-0f83-67e5a660935c@gmail.com>
On 06/02/2022 01:27, Jim Porter wrote:
> On 2/5/2022 3:54 AM, Max Nikulin wrote:
> etc/emacsclient-mail.desktop in the Emacs repo does this.) The command
> to use for a new Emacs instance is simple:
>
> emacs -f message-mailto %u
>
> However, doing this for emacsclient is harder:
>
> emacsclient --alternate-editor= --create-frame --eval
> "(message-mailto \\"%u\\")"
>
> There's no problem with "--alternate-editor=" and "--create-frame", but
> the fact that emacsclient requires evaling the function call that way
> is: if %u holds a string with quotation marks, this will break, and
> worse, could even result in arbitrary code being executed. (In practice,
> this is probably rare, since URLs are generally URL-encoded, and so
> don't have literal quotes in them.)
Thank you for suggesting another use case.
Quoting issues was the reason why I started to search a better way.
There should be an easy and safe means to pass argument from command
line to evaluated expressions similar to shell
sh -c 'echo "$1"' example 'Hello, World!'
Some people could not even choose proper quotes for shell command:
https://www.reddit.com/r/emacs/comments/hhbcg7/emacsclient_eval_with_command_line_arguments/
https://stackoverflow.com/questions/8848819/emacs-eval-ediff-1-2-how-to-put-this-line-in-to-shell-script
First recipe and the accepted answer in second source solves the obvious
problem but they miss escaping for elisp expression. Another answer on
stackoverflow is more accurate, it suggests
quoted1=${1//\\/\\\\}; quoted1=${quoted1//\"/\\\"}
I suppose, these links is a good illustration that substitution of
arbitrary argument into lisp expression is harder than it should be to
help users to avoid security issues.
> As a result, I think a good first step might be to add support for
> "--funcall" to emacsclient, just like the regular emacs binary. (The
> "-f" shorthand won't work though, since emacsclient already uses that
> for "--server-file"). This would simplify the `message-mailto' case
> above and would also allow org-protocol to do something similar:
>
> emacsclient --funcall org-protocol-capture %u
No, --funcall is just a sugar for --eval '(func)' that does not contain
arbitrary input, but func has no access to other arguments and it is the
real problem.
I think, the solution is to add -arg command to emacs server protocol
that pushes its argument to a list and extend -exec command that would
make such list available as argv or as `command-line-args-left' for
evaluated expression. Of course, emacsclient option parser should be
modified as well to support --arg option
emacsclient --eval '(func)' --arg 1 2 3
emacsclient --eval '(func)' --arg -- 1 2 3
and maybe even for multiple eval+arg pairs
emacsclient --eval '(f1)' --arg 'a1' --eval '(f2)' --arg 'a2' 'a3'
The proper place to discuss idea is emacs-devel list, but I am afraid
that without a patch it will be just buried.
> emacsclient --eval "(org-protocol-capture \\"%u\\")"
Due to quoting issues a small wrapper may be safer (modulo -a, -c)
emacsclient --eval "(require 'org-protocol)"
emacsclient -- "$@"
next prev parent reply other threads:[~2022-02-06 16:43 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-02-05 11:54 Lazy load of org-protocol Max Nikulin
2022-02-05 18:27 ` Jim Porter
2022-02-06 16:42 ` Max Nikulin [this message]
2022-02-06 19:40 ` Jim Porter
2022-02-07 14:57 ` Max Nikulin
2022-02-07 19:06 ` Jim Porter
2022-02-09 16:46 ` Max Nikulin
2022-02-09 19:22 ` Jim Porter
2022-02-10 14:44 ` Max Nikulin
2022-02-08 10:44 ` Emacs-orgmode Digest, Vol 192, Issue 8 Tianshu Wang
[not found] <mailman.61.1644253327.32758.emacs-orgmode@gnu.org>
2022-02-08 19:02 ` [PATCH] lisp/org-capture.el: Add hook & hook options to org-capture (Valentin Herrmann) No Wayman
2022-02-09 4:10 ` Ihor Radchenko
2022-02-09 7:11 ` No Wayman
2022-03-20 10:43 ` Ihor Radchenko
2022-02-10 19:32 ` Greg Minshall
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.orgmode.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='stotp5$lfe$1@ciao.gmane.io' \
--to=manikulin@gmail.com \
--cc=emacs-orgmode@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs/org-mode.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).