Max Nikulin <maniku...@gmail.com> writes: >> Should we then extend `org-babel-check-evaluate' to accept "All" answer >> in the coming bugfix release? > > I would consider reverting the commit causing user prompt for every > variable.
I disagree. If anything, we can set the default value of `org-confirm-babel-evaluate-cell' to nil and apply this patch. Then, we can get the old behaviour back yet allowing concerned users to have more security. > ... I believe, there should be single prompt on attempt to execute > a source block. I admit it is not easy to implement. This patch does not only affect src blocks. It affects all the users of `org-babel-read'. Note that my suggestion about "All" may as well include "All in current block/Yes". It should not be too hard to implement, I think. > I am not comfortable with attempts to consider Org as a format for web > browser similar to HTML: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=58774 > Features great for personal notebooks and authoring of documents are > disaster for documents from non-trusted sources. > > In particular, I consider the following reaction as unreasonably > optimistic. I am afraid, a lot of work is required to achieve such goal. > > https://list.orgmode.org/Y1uFDWOjZb85lk+3@protected.localdomain > Re: [BUG][Security] begin_src :var evaluated before the prompt to > confirm execution How is it related to the current discussion? The purpose of the security feature discussed here is not for web browsers or anything like that. -- Ihor Radchenko // yantar92, Org mode contributor, Learn more about Org mode at <https://orgmode.org/>. Support Org development at <https://liberapay.com/org-mode>, or support my work at <https://liberapay.com/yantar92>
