Max Nikulin <maniku...@gmail.com> writes: >> I do not see why we cannot change it to use emacs instead of >> pandoc to render html. > > It is challenging to implement proper sandboxing for elisp. Otherwise > risk of arbitrary code execution exploits is excessively high. My > impression from some comments is that GitHub security team performed > audit of org-ruby.
If we ever go that way, emacs should be running in a container anyway. And we will need to disable all the possible code evaluations features during export, of course. Remember that our goal is not sandboxing elisp but rather sandboxing export process. The latter is hopefully doable. -- Ihor Radchenko // yantar92, Org mode maintainer, Learn more about Org mode at <https://orgmode.org/>. Support Org development at <https://liberapay.com/org-mode>, or support my work at <https://liberapay.com/yantar92>
