Another IRC user, technomancy, created a fork of restclient today
after noticing some evals.
Here's the new repository:
https://git.sr.ht/~technomancy/restclient.el
The delta is fairly small, simply guarding these behind options (which
can be setup per "trusted" file/buffer). I'm sure he'd be interested
in your further thoughts if you happen to be an IRC user; I'm not sure
how much work he plans to put into this other than immediately
offering "a simple fix" believing the package might be somewhat
undermaintained currently.
My understanding is he is still researching to full understand how the
package works and the full (potentially quite narrow) scope
information that could wind up fed to these evals. Unfortunately, it
is slightly twisty (and rather undocumented).
Here's the upstream for the fork, focusing on a couple evals discussed
on IRC today:
https://github.com/pashky/restclient.el/blob/master/restclient.el#L466-L479
https://github.com/pashky/restclient.el/blob/master/restclient.el#L606-L610
---
via emacs-tangents mailing list
(https://lists.gnu.org/mailman/listinfo/emacs-tangents)
