Should evaluating code blocks require and executable md file?

maaslalani / slides

Terminal based presentation tool

http://maaslalani.com/slides/

MIT License

9.58k stars 263 forks source link

Should evaluating code blocks require and executable md file? #287

Closed vext01 closed 4 months ago

vext01 commented 4 months ago

Describe the bug

I notice that triple tilde blocks require +x on the md file, but triple backtick blocks don't.

In the interest of security, should triple backticks require +x too?

Thanks

maaslalani commented 4 months ago

Hey! No, since the triple backticks are only executed if the user presses a keybind, so that would be the equivalent to the user accepting the consequences for running the command. Whereas triple tildes are run automatically (the user might not have read all of the code) so we explicitly ask for them to make it executable just as a precaution.

vext01 commented 4 months ago

Fair enough.

I do think that #191 is a good idea though.

maaslalani commented 4 months ago

Yep, agreed!