Re: [PATCH] ob-core: add org-confirm-babel-evaluate-cell custom variable

emacs-orgmode

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] ob-core: add org-confirm-babel-evaluate-cell custom variable

From:	Ihor Radchenko
Subject:	Re: [PATCH] ob-core: add org-confirm-babel-evaluate-cell custom variable
Date:	Thu, 29 Dec 2022 16:35:40 +0000

Bastien Guerry <bzg@gnu.org> writes:

> I've skimmed through the discussion but I'm not entirely clear about
> the situation.
>
> Has the situation changed between 9.5 and 9.6?  Tom first message
> seems to suggest it did, but etc/ORG-NEWS does not say.

I considered this change as a bugfix. Though it was more user-facing
than I anticipated.

What changed: The prompt previously displayed on code block evaluation
is now also displayed when expanding header arguments:

#+begin_src emacs-lisp :var x = (message "pwned!")
(concat x "foo")
#+end_src

Before Org 9.6:
1. "pwned!" is displayed
2. Query to evaluate code block is displayed

Org 9.6:
1. Query to evaluate (message "pwned!") is displayed
2. If confirmed, it is evaluated
3. Query to evaluate the whole code block is displayed

> Whether it changed or not, what is the problem in 9.6?

The problem is that Org now displays more queries.

> How does the patch solves this problem?

It allows disabling these new queries about lisp evaluation outside
code blocks without disabling code block eval confirmation completely.

I later suggested disabling the queries by default - mimicking the pre
9.6 behaviour yet keeping the ability for concerned users enable the
extra confirmation.

> Is it a temporary change while we wait for a better change?

Yes. Ideally, we need to improve the code evaluation query. It should
allow confirming evaluation in bulk and add some code blocks/files to
whitelist. Similar to `org--confirm-resource-safe'.

> In particular, I'm not sure I understand why this should be added to
> 9.6.1---I'm not opposed to it, I just try to understand.

A concern have been expressed that more queries may annoy users and
drive them towards setting `org-confirm-babel-evaluate' to nil globally.
Upon doing this, the future more flexible security queries may be not
used by such users.

> Also, org-confirm-babel-evaluate-table-cell seems more explicit than
> org-confirm-babel-evaluate-cell.

But it will not be accurate. The query is now displayed upon executing
`org-babel-read' -- cell refers to Elisp code "cell" here. Not to a
table cell.

-- 
Ihor Radchenko // yantar92,
Org mode contributor,
Learn more about Org mode at <https://orgmode.org/>.
Support Org development at <https://liberapay.com/org-mode>,
or support my work at <https://liberapay.com/yantar92>

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [PATCH] ob-core: add org-confirm-babel-evaluate-cell custom variable, (continued)

Prev by Date: Re: [PATCH] ob-core: add org-confirm-babel-evaluate-cell custom variable
Next by Date: Re: For your consideration: Extending org-info-js with additional hooks
Previous by thread: Re: [PATCH] ob-core: add org-confirm-babel-evaluate-cell custom variable
Next by thread: Re: [PATCH] ob-core: add org-confirm-babel-evaluate-cell custom variable
Index(es):
- Date
- Thread