From: Daniel Mendler via "Bug reports for GNU Emacs, the Swiss army knife of text editors"
Newsgroups: gmane.emacs.bugs
Subject: bug#74879: 30.0.92; trusted-content-p and trusted-files cannot be used for non-file buffers
Date: Mon, 16 Dec 2024 14:41:30 +0100
Message-ID: <87h6739245.fsf@daniel-mendler.de>
References: <87ed29ixu8.fsf@daniel-mendler.de> <875xnlfdzi.fsf@daniel-mendler.de> <643a50f9-2128-405b-ae5b-114990b3dfc2@gutov.dev>
In-Reply-To: <643a50f9-2128-405b-ae5b-114990b3dfc2@gutov.dev> (Dmitry Gutov's message of "Mon, 16 Dec 2024 15:32:31 +0200")
To: Dmitry Gutov
Cc: 74879@debbugs.gnu.org, Stefan Monnier, Stefan Kangas

Dmitry Gutov writes:

> On 15/12/2024 12:16, Daniel Mendler via Bug reports for GNU Emacs, the Swiss
> army knife of text editors wrote:
>> For example in my GNU ELPA Corfu package the plan was to check
>> `(trusted-content-p)' when starting auto completion.
>
> Shouldn't that be done in the c-a-p-f function?

Yes, this is a more fine-grained approach. Stefan added a check to the
macroexpansion in Emacs 30 which should make the Elisp Capf safe. But
consider other scenarios like Org-babel or Embark. Org-babel can execute
code blocks and Embark can evaluate Sexps at point. For these cases it
makes sense to check if the buffer is safe before running the action.
However in contrast to auto completion one has to press a special key to
trigger the evaluation.

>> To be clear - Corfu
>> is safe by default, since auto completion is disabled by default.
>> However many people enable auto completion unconditionally in all
>> buffers.
>
> Having completion invoked manually doesn't really ensure that the user knows
> about the odds of it running code from the current file. Some languages do that,
> some don't, and the newbie Lisp users have little idea of what macro expansion
> in completion entails.

That's correct. Nevertheless Eshel specifically mentioned auto
completion in his report. I think that the threshold for auto completion
is a little lower - the user enters normal text and potentially code
execution of in-buffer code happens behind the scenes.

Daniel
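The "check if the buffer is safe before running the action" idea from the message above, sketched as an added example (not code from the thread, Corfu, Org-babel or Embark). It assumes the zero-argument `trusted-content-p` of Emacs 30; the `my/` names and the choice of commands to guard are hypothetical.

```elisp
;;; -*- lexical-binding: t -*-
;; Added illustration: gate explicit evaluation commands on buffer trust.
;; All `my/' names are hypothetical and not part of Emacs or any package.

(defun my/buffer-trust-state ()
  "Return `trusted', `untrusted' or `unknown' for the current buffer.
`unknown' means `trusted-content-p' is not defined (Emacs older than 30),
so no trust decision can be made at all."
  (cond ((not (fboundp 'trusted-content-p)) 'unknown)
        ((trusted-content-p) 'trusted)
        (t 'untrusted)))

(defun my/require-trusted-buffer (orig-fn &rest args)
  "Around advice: call ORIG-FN with ARGS only in a trusted buffer.
Otherwise signal a `user-error' that says why, including whether the
buffer visits a file, since that is the case this bug report is about."
  (let ((state (my/buffer-trust-state)))
    (if (eq state 'trusted)
        (apply orig-fn args)
      (user-error "Refusing to evaluate in %s buffer `%s'%s"
                  state
                  (buffer-name)
                  (if buffer-file-name "" " (not visiting a file)")))))

;; Guard commands that evaluate code taken from the buffer.  The list is
;; an assumption for the example; extend it to whatever evaluates
;; in-buffer code in your setup.
(dolist (cmd '(eval-last-sexp eval-defun))
  (advice-add cmd :around #'my/require-trusted-buffer))

;; To undo:
;; (dolist (cmd '(eval-last-sexp eval-defun))
;;   (advice-remove cmd #'my/require-trusted-buffer))
```

With this guard in place, a buffer that is not visiting a file is refused whenever `trusted-content-p` returns nil for it, which is the limitation the bug's subject line describes.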