Tim Cross <theophil...@gmail.com> writes: > I do wonder if it would be a good idea to try and document when org will > evaluate code in org files. This would include not just babel block > evaluation, but also elisp evaluation in table formulas, block header > arguments, file option arguments and possibly other subtle cases. This > may enable us to see if we have the granularity of controls correct or > identify inconsistencies and omissions. This information might then be > useful in defining a security model which could then identify what > controls are actually necessary and how to implement them to provide a > more straight-forward configuration for end users. It could also provide > valuable input into what additional tests may be necessary to ensure > things are working as expected.
17.13 Code Evaluation and Security Issues -- Ihor Radchenko // yantar92, Org mode contributor, Learn more about Org mode at <https://orgmode.org/>. Support Org development at <https://liberapay.com/org-mode>, or support my work at <https://liberapay.com/yantar92>
