From: Daniel Mendler via "Bug reports for GNU Emacs, the Swiss army knife of text editors" <bug-gnu-emacs@gnu.org>
To: Dmitry Gutov <dmitry@gutov.dev>
Cc: 74879@debbugs.gnu.org, Stefan Monnier <monnier@iro.umontreal.ca>,
Stefan Kangas <stefankangas@gmail.com>
Subject: bug#74879: 30.0.92; trusted-content-p and trusted-files cannot be used for non-file buffers
Date: Mon, 16 Dec 2024 14:41:30 +0100 [thread overview]
Message-ID: <87h6739245.fsf@daniel-mendler.de> (raw)
In-Reply-To: <643a50f9-2128-405b-ae5b-114990b3dfc2@gutov.dev> (Dmitry Gutov's message of "Mon, 16 Dec 2024 15:32:31 +0200")
Dmitry Gutov <dmitry@gutov.dev> writes:
> On 15/12/2024 12:16, Daniel Mendler via Bug reports for GNU Emacs, the Swiss
> army knife of text editors wrote:
>> For example in my GNU ELPA Corfu package the plan was to check
>> `(trusted-content-p)' when starting auto completion.
>
> Shouldn't that be done in the c-a-p-f function?
Yes, this is a more fine-grained approach. Stefan added a check to the
macroexpansion in Emacs 30 which should make the Elisp Capf safe.
But consider other scenarios like Org-babel or Embark. Org-babel can
execute code blocks and Embark can evaluate Sexps at point. For these
cases it makes sense to check if the buffer is safe before running the
action. However in contrast to auto completion one has to press a
special key to trigger the evaluation.
>>To be clear - Corfu
>> is safe by default, since auto completion is disabled by default.
>> However many people enable auto completion unconditionally in all
>> buffers.
>
> Having completion invoked manually doesn't really ensure that the user knows
> about the odds of it running code from the current file. Some languages do that,
> some don't, and the newbie Lisp users have little idea of what macro expansion
> in completion entails.
That's correct. Nevertheless Eshel specifically mentioned auto
completion in his report. I think that the threshold for auto completion
is a little lower - the user enters normal text and potentially code
execution of in-buffer code happens behind the scenes.
Daniel
next prev parent reply other threads:[~2024-12-16 13:41 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-12-15 0:39 bug#74879: 30.0.92; trusted-content-p and trusted-files cannot be used for non-file buffers Daniel Mendler via Bug reports for GNU Emacs, the Swiss army knife of text editors
2024-12-15 10:16 ` Daniel Mendler via Bug reports for GNU Emacs, the Swiss army knife of text editors
2024-12-15 10:47 ` Eli Zaretskii
2024-12-15 10:56 ` Daniel Mendler via Bug reports for GNU Emacs, the Swiss army knife of text editors
2024-12-15 11:18 ` Eli Zaretskii
2024-12-15 11:37 ` Ihor Radchenko
2024-12-15 12:29 ` Eli Zaretskii
2024-12-15 12:50 ` Ihor Radchenko
2024-12-15 13:38 ` Eli Zaretskii
2024-12-15 13:46 ` Stefan Kangas
2024-12-16 13:32 ` Dmitry Gutov
2024-12-16 13:41 ` Daniel Mendler via Bug reports for GNU Emacs, the Swiss army knife of text editors [this message]
2024-12-15 14:03 ` Stefan Monnier via Bug reports for GNU Emacs, the Swiss army knife of text editors
2024-12-15 14:30 ` Stefan Kangas
2024-12-15 22:24 ` Stefan Monnier via Bug reports for GNU Emacs, the Swiss army knife of text editors
2024-12-15 14:55 ` Gerd Möllmann
2024-12-15 15:10 ` Stefan Monnier via Bug reports for GNU Emacs, the Swiss army knife of text editors
2024-12-15 15:16 ` Gerd Möllmann
2024-12-15 18:38 ` Daniel Mendler via Bug reports for GNU Emacs, the Swiss army knife of text editors
2024-12-15 22:41 ` Stefan Monnier via Bug reports for GNU Emacs, the Swiss army knife of text editors
2024-12-16 7:52 ` Eshel Yaron via Bug reports for GNU Emacs, the Swiss army knife of text editors
2024-12-16 12:39 ` Eshel Yaron via Bug reports for GNU Emacs, the Swiss army knife of text editors
2024-12-16 14:31 ` Stefan Monnier via Bug reports for GNU Emacs, the Swiss army knife of text editors
2024-12-16 9:29 ` Daniel Mendler via Bug reports for GNU Emacs, the Swiss army knife of text editors
2024-12-16 14:43 ` Stefan Monnier via Bug reports for GNU Emacs, the Swiss army knife of text editors
2024-12-16 9:43 ` Daniel Mendler via Bug reports for GNU Emacs, the Swiss army knife of text editors
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87h6739245.fsf@daniel-mendler.de \
--to=bug-gnu-emacs@gnu.org \
--cc=74879@debbugs.gnu.org \
--cc=dmitry@gutov.dev \
--cc=mail@daniel-mendler.de \
--cc=monnier@iro.umontreal.ca \
--cc=stefankangas@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).