
[O] [RFC] [PATCH] allow bind keywords to set safe values

From: Aaron Ecay
Subject: [O] [RFC] [PATCH] allow bind keywords to set safe values
Date: Fri, 06 Nov 2015 18:09:28 +0000
User-agent: Notmuch/0.20.2+65~gbd5504e (http://notmuchmail.org) Emacs/ (x86_64-unknown-linux-gnu)

Hello all,

BIND keywords should be used for controlling export, rather than the
usual emacs method of setting file local variables
<http://mid.gmane.org/address@hidden>.  But,
BIND keywords are currently disabled by default.  We can’t turn these on
by default, as maliciously crafted documents could do nasty things to a
user’s emacs.  The attached patch permits many interesting usages of
BIND keywords by allowing them to set variables by default, as long as
the value thus set is safe (as implemented by emacs’s default file local
variable code).

Comments welcome.


Aaron Ecay
From a0650372cafa6debf1465624c2cc23dd01aa7083 Mon Sep 17 00:00:00 2001
From: Aaron Ecay <address@hidden>
Date: Fri, 6 Nov 2015 17:51:09 +0000
Subject: [PATCH] Allow bind keywords to set safe values

* lisp/ox.el (org-export-allow-bind-keywords): Add new `safe' value.
(org-export--list-bound-variables): Use it.
* doc/org.texi (Export settings): Update doc.
 doc/org.texi | 18 +++++++++++++++---
 lisp/ox.el   | 20 ++++++++++++++++----
 2 files changed, 31 insertions(+), 7 deletions(-)

diff --git a/doc/org.texi b/doc/org.texi
index c57cc41..6abf5ad 100644
--- a/doc/org.texi
+++ b/doc/org.texi
@@ -10708,6 +10708,7 @@ properties (@pxref{Properties and columns}).  Options 
set at a specific level
 override options set at a more general level.
 @cindex #+SETUPFILE
 In-buffer settings may appear anywhere in the file, either directly or
 indirectly through a file included using @samp{#+SETUPFILE: filename} syntax.
 Option keyword sets tailored to a particular back-end can be inserted from
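Review bot: the added "@cindex #+SETUPFILE" entry in this first org.texi hunk is not covered by the commit message, whose ChangeLog entry for (Export settings) only mentions the BIND documentation update; either list it there or move it into its own commit so the change stays easy to audit.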
@@ -10948,9 +10949,20 @@ properties.
 @cindex #+BIND
 @vindex org-export-allow-bind-keywords
 If @code{org-export-allow-bind-keywords} is address@hidden, Emacs variables
-can become buffer-local during export by using the BIND keyword.  Its syntax
-is @samp{#+BIND: variable value}.  This is particularly useful for in-buffer
-settings that cannot be changed using specific keywords.
+can become buffer-local during export by using the BIND keyword.  Setting the
+variable to @code{t} allows variables to take on all values.  Setting it to
+the symbol @code{safe} (the default) only allows safe values.  (@pxref{Safe
+File Variables,,,emacs,The Emacs Manual}) The syntax of a BIND keyword is
address@hidden: variable value}.  The text of @samp{value} will be passed to
+the elisp @code{read} address@hidden means that strings should be
+surrounded with double quotes, but symbols and lists will be read literally
+and need not be quoted for lisp with a single quote.}  The BIND keyword is
+particularly useful for in-buffer settings that cannot be changed using
+specific address@hidden should not use the usual emacs local variable
+convention (@pxref{Specifying File Variables,,,emacs,The Emacs Manual}),
+because these notations could be lost during the export process.}  It is also
+useful for collecting common variable settings in a setup file shared between
+several documents (@pxref{SETUPFILE}).
 @cindex property, EXPORT_FILE_NAME
 The name of the output file to be generated is taken from the file associated
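Review bot: the new paragraph says that "safe" only allows safe values but never states what happens to a BIND whose value is not safe; with the ox.el change in this patch such a binding is silently dropped, so the manual should say so (and it may be worth emitting a warning during export, so an author learns why a setting had no effect). Two smaller points: the cross-reference in "only allows safe values.  (@pxref{Safe File Variables,,,emacs,The Emacs Manual}) The syntax ..." sits after the full stop and will render as a free-standing parenthesis, so fold it into the sentence; and the footnote phrase "need not be quoted for lisp with a single quote" is hard to parse, where "do not need a leading single quote" says the same thing plainly.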
diff --git a/lisp/ox.el b/lisp/ox.el
index eb1af9b..e257c1f 100644
--- a/lisp/ox.el
+++ b/lisp/ox.el
@@ -832,14 +832,22 @@ can also be set with the OPTIONS keyword, e.g.  
   :group 'org-export-general
   :type 'boolean)
-(defcustom org-export-allow-bind-keywords nil
+(defcustom org-export-allow-bind-keywords 'safe
   "Non-nil means BIND keywords can define local variable values.
 This is a potential security risk, which is why the default value
-is nil.  You can also allow them through local buffer variables."
+is nil.  You can also allow them through local buffer variables.
+See the documentation for `safe-local-variable-p' and the
+node (info \"(emacs) Safe File Variables\") for information on
+the safety setting."
   :group 'org-export-general
   :version "24.4"
   :package-version '(Org . "8.0")
-  :type 'boolean)
+  :type '(choice
+         (const :tag "Never" nil)
+         (const :tag "Only if safe" safe)
+         (const :tag "Always" t))
+  :safe (lambda (x) (memq x '(nil safe))))
 (defcustom org-export-with-broken-links nil
   "Non-nil means do not raise an error on broken links.
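Review bot: the docstring still says "which is why the default value is nil" while the defcustom now defaults to 'safe; rewrite that sentence to describe the three accepted values (nil, safe, t) and name safe as the default. Since both the default and the :type changed, :version "24.4" and :package-version '(Org . "8.0") should be bumped as well. The :safe predicate that refuses t from a file-local setting is the right call, as it stops a document from switching itself to unrestricted BIND. One caveat worth a sentence in the docstring: safe-local-variable-p only accepts a pair when the variable carries a safe-local-variable property or the pair is listed in safe-local-variable-values, so the new default is only useful for export variables that declare such a predicate; this patch adds one only for org-export-allow-bind-keywords itself.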
@@ -1646,7 +1654,11 @@ an alist where associations are (VARIABLE-NAME VALUE)."
                         (let ((val (org-element-property :value element)))
                           (if (equal (org-element-property :key element)
-                              (push (read (format "(%s)" val)) alist)
+                              (let* ((pair (read (format "(%s)" val))))
+                                (when (or (eq org-export-allow-bind-keywords t)
+                                          (safe-local-variable-p
+                                           (nth 0 pair) (nth 1 pair)))
+                                  (push pair alist)))
                             ;; Enter setup file.
                             (let ((file (expand-file-name
                                          (org-remove-double-quotes val))))
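Review bot: the new condition (or (eq org-export-allow-bind-keywords t) (safe-local-variable-p ...)) treats nil the same as safe, so if this function is ever reached with the variable set to nil, safe bindings are still pushed; the "Never" choice added to the defcustom then only holds if every caller already gates on a non-nil value. Make the function self-contained by testing the variable here, e.g. (and org-export-allow-bind-keywords (or (eq org-export-allow-bind-keywords t) (safe-local-variable-p (car pair) (cadr pair)))). Minor style: let* with a single binding can be let, and (nth 0 pair) / (nth 1 pair) read more naturally as car / cadr. Also, since pair comes straight from read on untrusted text, a BIND line whose first element is not a symbol reaches safe-local-variable-p unchecked; a (symbolp (car pair)) guard before the safety test keeps a malformed keyword from turning into an error mid-export.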
