[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: query-replace-interactive

From: David Kastrup
Subject: Re: query-replace-interactive
Date: 06 Jul 2004 14:09:57 +0200
User-agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.3.50

Richard Stallman <address@hidden> writes:

>     Calling `perform-replace' directly is not good because it skips many
>     useful things implemented in interactive commands which call it.
>     Most useful of them is recently added handling of \, and \# in
>     `query-replace-read-args'.
> Why are these implemented in the interactive commands
> andnot in perform-replace directly?

Basically because they are actually more like a user-friendly frontend
to query-replace-regexp-eval functionality than a command of their
own.  Since arbitrary code can be executed by `\,', existing uses of
all replacement commands in Lisp programs would have different
implications for security.  I did not want to introduce security
relevant changes in the middle of the release consolidation.

As long as the automatic evaluation of stuff is restricted to
interactive usage, and as long as you can easily cut&paste the
respective generated Lisp calls with C-x ESC ESC, I think that there
are no security concerns in connection with the new functionality.

Now `\#' is harmless in this regard compared to `\,', but I don't
think that there is much of a point in splitting just `\#' off to a
different place.

David Kastrup, Kriemhildstr. 15, 44793 Bochum

reply via email to

[Prev in Thread] Current Thread [Next in Thread]