[PATCH] Re: [BUG] Make org-html-htmlize-output-type safe [9.5.2 (release_9.5.2-9-g7ba24c @ /Users/salutis/src/emacs/nextstep/Emacs.app/Contents/Resources/lisp/org/)]

Mon, 17 Oct 2022 05:52:16 -0700 

Rudolf Adamkovič <salu...@me.com> writes:

> In some of my notes, I have the following line:
>
> # -*- org-html-htmlize-output-type: nil -*-
>
> Every time I open such a file, Emacs wants me to confirm that doing so
> poses no security risk.  Could we perhaps make this variable safe?

Can be done. Like in the attached patch.
However, note that Emacs will still want about buffer-local setting if
ox-html is not loaded.

The same will happen with any other "safe" variable defined in Org
libraries that are not loaded by default.

I am wondering if we should add autoload cookies to such variables.


>From 5779ce5f5a05aa4e4f76d85eae1c1e324a77dea2 Mon Sep 17 00:00:00 2001
Message-Id: <5779ce5f5a05aa4e4f76d85eae1c1e324a77dea2.1666010682.git.yanta...@posteo.net>
From: Ihor Radchenko <yanta...@posteo.net>
Date: Mon, 17 Oct 2022 20:43:59 +0800
Subject: [PATCH] org-html-htmlize-output-type: Mark safe as buffer-local
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* lisp/ox-html.el (org-html-htmlize-output-type): This variable is
safe to set buffer-locally as a symbol.

Reported-by: Rudolf Adamkovič <salu...@me.com>
Link: https://orgmode.org/list/m28ruxklo5....@me.com
---
 lisp/ox-html.el | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lisp/ox-html.el b/lisp/ox-html.el
index cad06aebf..c34711d1e 100644
--- a/lisp/ox-html.el
+++ b/lisp/ox-html.el
@@ -897,7 +897,8 @@ (defcustom org-html-htmlize-output-type 'inline-css
 in all modes you want.  Then, use the command
 `\\[org-html-htmlize-generate-css]' to extract class definitions."
   :group 'org-export-html
-  :type '(choice (const css) (const inline-css) (const nil)))
+  :type '(choice (const css) (const inline-css) (const nil))
+  :safe #'symbolp)
 
 (defcustom org-html-htmlize-font-prefix "org-"
   "The prefix for CSS class names for htmlize font specifications."
-- 
2.35.1


-- 
Ihor Radchenko // yantar92,
Org mode contributor,
Learn more about Org mode at <https://orgmode.org/>.
Support Org development at <https://liberapay.com/org-mode>,
or support my work at <https://liberapay.com/yantar92>

Reply via email to