[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: The `risky-local-variable' blacklist
From: |
Stefan |
Subject: |
Re: The `risky-local-variable' blacklist |
Date: |
31 Aug 2004 18:43:52 -0400 |
User-agent: |
Gnus/5.09 (Gnus v5.9.0) Emacs/21.3.50 |
>> So the "risky" annotation was only added in order to enable potentially
>> dangerous things like "eval" in that variable.
> We may be speaking at cross-purposes, but are you sure about that?
You do not understand. I was speaking very specifically about the
timeclock-mode-string. My comments only apply to variables used as
mode-line-string.
> I realize now that my example about timeclock is silly, because
> `timeclock-mode-string' wasn't dangerous before and isn't now, since it
> has never been included in `mode-line-format' except as a symbol, and
> those are not evaluated twice (so as to execute a form set as its value).
I don't think you understand the reason why timeclock-mode-string was not
dangerous before: timeclock-mode-string can have a value of the form
(:eval <foo>) which means "evaluate <foo> to get the string to display".
So there's clearly something dangerous here. Such evalution-in-mode-string
is new in Emacs-21, so most foo-mode-line-string variable have suddenly been
made dangerous. Instead of going through all those vars and marking them
risky, Emacs-21 decided that "if the var is not marked `risky', then ignore
any of those new :eval special forms". I.e. it's safe either way. but in
order to be able to use the new feature, you need to mark the var as
"risky".
I didn't discuss your general point about risky variables (because I mostly
agree with it).
Stefan