[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [O] Org campture recursively expands %-escapes

From: Nicolas Goaziou
Subject: Re: [O] Org campture recursively expands %-escapes
Date: Thu, 26 Nov 2015 13:54:18 +0100


Thomas Preindl <address@hidden> writes:

> setting up my capture templates to work with a new Chrome extension I
> noticed that when i mark some text containing %-escapes inserted with the
> '%i' in the template the %-escape was
> evaluated.
> For example, marking %(print (buffer-name)) will be replaced with
> "*Capture*".
> I am now wondering if this is intended or not and if this could be
> used as a kind of exploit to run code if someone captures code
> from a website.

Judging from `org-capture-fill-template', this is a feature. Worse,
%(...) placeholders, the most dangerous ones, are always expanded last.

I guess the intent is to fill the Sexp with previous placeholders and
then eval it for a proper result (see, e.g., `org-capture-template's

One solution would be to expand recursively Sexp placeholders at the
beginning of `org-capture-fill-template', right after expanding
properties placeholders (i.e., %:property), so as to limit the problem.

We could also remove recursivity for placeholders altogether. It is
buggy anyway (e.g., if a property placeholder introduces another
placeholder, the latter is not expanded).

Question to the ML: is there anyone relying on placeholder recursion?


Nicolas Goaziou

reply via email to

[Prev in Thread] Current Thread [Next in Thread]