Mark H Weaver <m...@netris.org> writes:

> My position is that the current coding-auto-detection behavior of
> 'open-file' is likely to lead to security flaws in software built using
> Guile.  The issue is that programs that receive text from an untrusted
> source, write those strings to a file, and then read them back in, are
> potentially vulnerable to hostile coding declarations inserted within
> those strings.

The way Emacs handles this is that it detects the ‘coding:’ cookie and
automatically switches the encoding accordingly.

Just mentioning it, because we seem to be hesitant between two opposite
solutions in the design space: one is Emacs, designed to make things
work by default in practical cases, and the other is POSIX, designed to
leave programmers with all the power of a chainsaw.

Ludo’.
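
The round trip described in the quoted paragraph, as an added example that is not part of this thread and is not Guile code. It uses Python's standard `tokenize.open`, which honours a PEP 263 `coding:` declaration, as a stand-in for an auto-detecting open; the sample text and the function names are constructed for illustration.

```python
import io
import os
import tempfile
import tokenize

# Constructed sample: text from an untrusted source whose first line
# carries a coding declaration that differs from the writer's encoding.
UNTRUSTED = "# -*- coding: iso-8859-1 -*-\nnaïve café\n"


def detected_encoding(text):
    """Encoding an auto-detecting reader would pick for this text."""
    raw = io.BytesIO(text.encode("utf-8"))
    encoding, _ = tokenize.detect_encoding(raw.readline)
    return encoding


def store(text, path):
    """The application writes the text in its own encoding, UTF-8."""
    with open(path, "w", encoding="utf-8", newline="") as f:
        f.write(text)


def read_autodetect(path):
    """Reader that lets a declaration inside the content choose the decoder."""
    with tokenize.open(path) as f:
        return f.read()


def read_explicit(path):
    """Reader that states the encoding itself and ignores any declaration."""
    with open(path, encoding="utf-8", newline="") as f:
        return f.read()


def round_trip(text):
    """Write text, read it back both ways, return (autodetected, explicit)."""
    fd, path = tempfile.mkstemp()
    os.close(fd)
    try:
        store(text, path)
        return read_autodetect(path), read_explicit(path)
    finally:
        os.remove(path)


if __name__ == "__main__":
    auto, explicit = round_trip(UNTRUSTED)
    print(repr(auto))
    print(repr(explicit))
```

Only the reader that names its encoding returns the string that was written; the other one returns whatever the embedded declaration makes of the bytes.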
