Re: [RFC] [PATCH] allow bind keywords to set safe values

[Nicolas Goaziou <mail@nicolasgoaziou.fr>]

Hello,

Aaron Ecay <aaronecay@gmail.com> writes:

> BIND keywords should be used for controlling export, rather than the
> usual emacs method of setting file local variables
> <http://mid.gmane.org/87eglcbv7g.fsf@selenimh.access.network>.

In this message, I say that file local variables may not replace BIND
keywords (although, I still cannot remember why).

However, BIND keywords cannot replace file local variables, because some
variables are used outside of `org-export-as'. `org-latex-compiler'
comes to mind.

> But, BIND keywords are currently disabled by default. We can’t turn
> these on by default, as maliciously crafted documents could do nasty
> things to a user’s emacs. The attached patch permits many interesting
> usages of BIND keywords by allowing them to set variables by default,
> as long as the value thus set is safe (as implemented by emacs’s
> default file local variable code).

Sounds good.

>  If @code{org-export-allow-bind-keywords} is non-@code{nil}, Emacs variables
> -can become buffer-local during export by using the BIND keyword.  Its syntax
> -is @samp{#+BIND: variable value}.  This is particularly useful for in-buffer
> -settings that cannot be changed using specific keywords.
> +can become buffer-local during export by using the BIND keyword.  Setting the
> +variable to @code{t} allows variables to take on all values.  Setting it to
> +the symbol @code{safe} (the default) only allows safe values.  (@pxref{Safe
> +File Variables,,,emacs,The Emacs Manual}) The syntax of a BIND keyword is
> +@samp{#+BIND: variable value}.  The text of @samp{value} will be passed to
> +the elisp @code{read} function.@footnote{This means that strings should be
> +surrounded with double quotes, but symbols and lists will be read literally
> +and need not be quoted for lisp with a single quote.}  The BIND keyword is
> +particularly useful for in-buffer settings that cannot be changed using
> +specific keywords.@footnote{You should not use the usual emacs local variable
> +convention (@pxref{Specifying File Variables,,,emacs,The Emacs Manual}),
> +because these notations could be lost during the export process.}  It is also
> +useful for collecting common variable settings in a setup file shared between
> +several documents (@pxref{SETUPFILE}).

Maybe an example would be interesting, preferably with a non trivial
value (e.g. a list or a string). WDYT?

> -			       (push (read (format "(%s)" val)) alist)
> +			       (let* ((pair (read (format "(%s)" val))))

`let*' -> `let'


Regards,

-- 
Nicolas Goaziou