[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#66485: 13.2.1; preview-scale-function should be safe for numberp
From: |
David Kastrup |
Subject: |
bug#66485: 13.2.1; preview-scale-function should be safe for numberp |
Date: |
Sun, 15 Oct 2023 13:13:14 +0200 |
User-agent: |
Gnus/5.13 (Gnus v5.13) |
Arash Esbati <arash@gnu.org> writes:
> David Kastrup <dak@gnu.org> writes:
>
>> Arash Esbati <arash@gnu.org> writes:
>>
>>> I think this is a reasonable change. What do others think?
>>
>> Iam not sure what happens if you put, say, 10000 in there.
>
> Maybe I'm missing the point, but how is this related to allowing
> `preview-scale-function' as a file local variable?
It is allowed as a file variable. The setting is about when Emacs will
ask back before setting a variable to a possibly malicious value when
using Emacs as the application to view/edit externally provided files
from unverified sources.
And you can respond to that prompt by stating that a particular setting
should always be allowed in future.
> One could customize the variable globally to 10000 and the result
> would be the same?
Sure, but that is not an attack vector. If someone has access to
customize, worrying about safety is already over.
> BTW, I don't know either what happens if one puts 10000 there.
The question is whether this should be enough of a worry to stop such
settings to take effect automatically. I am not saying that it should,
just that this is the metric for making this change.
--
David Kastrup
- bug#66485: 13.2.1; preview-scale-function should be safe for numberp, Philipp G. Haselwarter, 2023/10/12
- bug#66485: 13.2.1; preview-scale-function should be safe for numberp, Arash Esbati, 2023/10/14
- bug#66485: 13.2.1; preview-scale-function should be safe for numberp, David Kastrup, 2023/10/14
- bug#66485: 13.2.1; preview-scale-function should be safe for numberp, Arash Esbati, 2023/10/15
- bug#66485: 13.2.1; preview-scale-function should be safe for numberp,
David Kastrup <=
- bug#66485: 13.2.1; preview-scale-function should be safe for numberp, Philipp G. Haselwarter, 2023/10/15
- bug#66485: 13.2.1; preview-scale-function should be safe for numberp, Arash Esbati, 2023/10/16
- bug#66485: 13.2.1; preview-scale-function should be safe for numberp, David Kastrup, 2023/10/16
- bug#66485: 13.2.1; preview-scale-function should be safe for numberp, Arash Esbati, 2023/10/16
- bug#66485: 13.2.1; preview-scale-function should be safe for numberp, Arash Esbati, 2023/10/17