On 28/10/2022 10:19, Ihor Radchenko wrote:
Jean Louis writes:

* Max Nikulin [2022-10-27 06:21]:
Expected result:
No code from the Org buffer and linked files is executed prior to
confirmation from the user.

Should that be or is it a general policy for Org mode?

Yes, it is a general policy.
Org should not execute arbitrary Elisp without confirmation, unless the
user customizes the confirmation query to non-default.

There are significantly different contexts: trusted files created locally and arbitrary files fetched through some link on the web. Features really convenient in the former case may become a disaster in the latter.

If a user is prompted to confirm evaluation of each table formula then the spreadsheet feature becomes unusable.

---- >8 ----
Enter value and press =TAB=
|   | Value | Result |
|---+-------+--------|
| # |       |        |
#+tblfm: $3='(progn (message "%s" "pwnd") 0)
---- 8< ----

I suspect a bunch of similar problems with the export feature. The ability to save an .org file as a nicely formatted PDF is great but simultaneously dangerous for files obtained from the net. I would like to have safe export, but I am afraid that actually the code would be fragile.
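
The following is an added example, not part of the original message and not Org's own code. It is a pre-open check for .org files obtained from the net: it runs outside Emacs and lists table formulas that Org would evaluate as Lisp forms (a right-hand side starting with `'(`). The function name `find_lisp_formulas` and the sample text are constructed for illustration, and the check covers table formulas only, not export or other evaluation paths.

```python
import re

# Constructed sample: the table from the message above plus a second table
# mixing a plain Calc formula with a Lisp one.
SAMPLE = '''\
Enter value and press =TAB=
|   | Value | Result |
|---+-------+--------|
| # |       |        |
#+tblfm: $3='(progn (message "%s" "pwnd") 0)

| a | b | sum |
|---+---+-----|
| 1 | 2 |     |
#+TBLFM: $3=$1+$2::@2$1='(length "x")
'''

# The keyword is case-insensitive; formulas on one line are separated by "::".
TBLFM = re.compile(r'^\s*#\+tblfm:\s*(.*)$', re.IGNORECASE)
# A formula whose right-hand side starts with '( is evaluated as a Lisp form.
LISP_RHS = re.compile(r"^\s*'\(")
# Formulas can also be typed straight into a cell as "=..." or ":=...".
CELL_FORMULA = re.compile(r"^:?=\s*'\(")

def find_lisp_formulas(text):
    """Return (line_number, target, formula) for each Lisp table formula."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = TBLFM.match(line)
        if m:
            for spec in m.group(1).split('::'):
                # Split on the first "=" only: the Lisp form may contain more.
                target, sep, rhs = spec.partition('=')
                if sep and LISP_RHS.match(rhs):
                    hits.append((lineno, target.strip(), rhs.strip()))
        elif line.lstrip().startswith('|'):
            for cell in line.strip().strip('|').split('|'):
                cell = cell.strip()
                if CELL_FORMULA.match(cell):
                    hits.append((lineno, '(cell)', cell))
    return hits

if __name__ == '__main__':
    for lineno, target, formula in find_lisp_formulas(SAMPLE):
        print(f'line {lineno}: {target} -> {formula}')
```

A file with no hits can still run code through other Org features, so an empty result only rules out this one path.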


