bug-auctex
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#66485: 13.2.1; preview-scale-function should be safe for numberp

From: David Kastrup
Subject: bug#66485: 13.2.1; preview-scale-function should be safe for numberp
Date: Sun, 15 Oct 2023 13:13:14 +0200
User-agent: Gnus/5.13 (Gnus v5.13) 
Arash Esbati <arash@gnu.org> writes:

> David Kastrup <dak@gnu.org> writes:
>
>> Arash Esbati <arash@gnu.org> writes:
>>
>>> I think this is a reasonable change.  What do others think?
>>
>> Iam not sure what happens if you put, say, 10000 in there.
>
> Maybe I'm missing the point, but how is this related to allowing
> `preview-scale-function' as a file local variable?

It is allowed as a file variable.  The setting is about when Emacs will
ask back before setting a variable to a possibly malicious value when
using Emacs as the application to view/edit externally provided files
from unverified sources.

And you can respond to that prompt by stating that a particular setting
should always be allowed in future.

> One could customize the variable globally to 10000 and the result
> would be the same?

Sure, but that is not an attack vector.  If someone has access to
customize, worrying about safety is already over.

> BTW, I don't know either what happens if one puts 10000 there.

The question is whether this should be enough of a worry to stop such
settings to take effect automatically.  I am not saying that it should,
just that this is the metric for making this change.

-- 
David Kastrup
reply via email to
[Prev in Thread] Current Thread [Next in Thread]