[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH] Re: [BUG] Make org-html-htmlize-output-type safe [9.5.2 (release
|
From: |
Ihor Radchenko |
|
Subject: |
[PATCH] Re: [BUG] Make org-html-htmlize-output-type safe [9.5.2 (release_9.5.2-9-g7ba24c @ /Users/salutis/src/emacs/nextstep/Emacs.app/Contents/Resources/lisp/org/)] |
|
Date: |
Mon, 17 Oct 2022 12:47:18 +0000 |
Rudolf Adamkovič <salutis@me.com> writes:
> In some of my notes, I have the following line:
>
> # -*- org-html-htmlize-output-type: nil -*-
>
> Every time I open such a file, Emacs wants me to confirm that doing so
> poses no security risk. Could we perhaps make this variable safe?
Can be done. Like in the attached patch.
However, note that Emacs will still want about buffer-local setting if
ox-html is not loaded.
The same will happen with any other "safe" variable defined in Org
libraries that are not loaded by default.
I am wondering if we should add autoload cookies to such variables.
>From 5779ce5f5a05aa4e4f76d85eae1c1e324a77dea2 Mon Sep 17 00:00:00 2001
Message-Id:
<5779ce5f5a05aa4e4f76d85eae1c1e324a77dea2.1666010682.git.yantar92@posteo.net>
From: Ihor Radchenko <yantar92@posteo.net>
Date: Mon, 17 Oct 2022 20:43:59 +0800
Subject: [PATCH] org-html-htmlize-output-type: Mark safe as buffer-local
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* lisp/ox-html.el (org-html-htmlize-output-type): This variable is
safe to set buffer-locally as a symbol.
Reported-by: Rudolf Adamkovič <salutis@me.com>
Link: https://orgmode.org/list/m28ruxklo5.fsf@me.com
---
lisp/ox-html.el | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/lisp/ox-html.el b/lisp/ox-html.el
index cad06aebf..c34711d1e 100644
--- a/lisp/ox-html.el
+++ b/lisp/ox-html.el
@@ -897,7 +897,8 @@ (defcustom org-html-htmlize-output-type 'inline-css
in all modes you want. Then, use the command
`\\[org-html-htmlize-generate-css]' to extract class definitions."
:group 'org-export-html
- :type '(choice (const css) (const inline-css) (const nil)))
+ :type '(choice (const css) (const inline-css) (const nil))
+ :safe #'symbolp)
(defcustom org-html-htmlize-font-prefix "org-"
"The prefix for CSS class names for htmlize font specifications."
--
2.35.1
--
Ihor Radchenko // yantar92,
Org mode contributor,
Learn more about Org mode at <https://orgmode.org/>.
Support Org development at <https://liberapay.com/org-mode>,
or support my work at <https://liberapay.com/yantar92>
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [PATCH] Re: [BUG] Make org-html-htmlize-output-type safe [9.5.2 (release_9.5.2-9-g7ba24c @ /Users/salutis/src/emacs/nextstep/Emacs.app/Contents/Resources/lisp/org/)],
Ihor Radchenko <=