search

johanwk / elot

Emacs Literate Ontology Tool
GNU General Public License v3.0
7 stars 3 forks source link

org-confirm-babel-evaluate function #7

Closed VladimirAlexiev closed 5 months ago

VladimirAlexiev commented 6 months ago

A part of #3 is that org-confirm-babel-evaluate nil is unsafe.

Here's what I have in my dot-emacs:

(setq va/org-babel-diagramming-languages
      '("dot" "ditaa" "plantuml" "salt"))

(defcustom va/org-babel-safe-languages '("sparql")
  "Which org-babel languages are considered safe for execution.
(in addition to va/org-babel-diagramming-languages).
Can be set as a local file variable.")

(put 'va/org-babel-safe-languages 'safe-local-variable 'va/org-babel-safe-languages-value)

(defun va/org-babel-safe-languages-value (list)
  "Determine whether the arg is a valid LIST of loaded org-babel languages."
  (let ((langs (mapcar 'symbol-name (mapcar 'car org-babel-load-languages))))
    (if (member "shell" langs)
        ;; shell -> sh bash zsh ... (because a "shell" code block invokes CMD yuikes)
        (setq langs (append org-babel-shell-names langs)))
    (subsetp list langs :test 'string-equal)))

(setq org-confirm-babel-evaluate ;; ask if code should be evaluated
      (defun va/org-confirm-babel-evaluate (lang src)
        "These languages are considered safe, so don't confirm"
        (not (member lang
                     (append va/org-babel-safe-languages
                             va/org-babel-diagramming-languages)))))

It's a bit over-complicated. We can just say that plantuml and sparql are safe:

(setq org-confirm-babel-evaluate ;; ask if code should be evaluated
      (defun elot-org-confirm-babel-evaluate (lang src)
        "These languages are considered safe, so don't confirm"
        (not (member lang `(plantuml sparql))))
johanwk commented 5 months ago

I think there's a problem here, in that there are elisp blocks of code that are used liberally for

Asking for user confirmation for elisp is therefore quite disturbing for the user. The following post, permit evaluation, indicates that one should be able to add :eval yes to code blocks and thereby evade the confirmation for selected contents, but apparently it doesn't work. So this issue is one to come back to.

johanwk commented 5 months ago

In e3b23c0f2f13baa62600043eb79edb05fad3bedb I removed the setting "allow anything". org-confirm-babel-evaluate is set as a local variable inside an ontology document anyway.

johanwk commented 5 months ago

Since the setting is buffer local, closing this as good enough.