Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Mark bibliography path variables as safe for local #389

Closed
BlueDrink9 opened this issue Sep 22, 2021 · 9 comments
Closed

Mark bibliography path variables as safe for local #389

BlueDrink9 opened this issue Sep 22, 2021 · 9 comments

Comments

@BlueDrink9
Copy link

#348 showcases the usefulness of setting the bibliography as a local variable. However, to do so for all possible bibliography paths requires that the user allow all unsafe variables, or ask each time. Otherwise, emacs will ignore the "unsafe local variable".

An alternative would be to mark the bibliography and other path variables as safe.
This link seems to show how to do so
https://stackoverflow.com/questions/19806176/in-emacs-how-do-i-make-a-local-variable-safe-to-be-set-in-a-file-for-all-possibl

@tmalsburg
Copy link
Owner

Good idea but I think this may be something the user is supposed to configure. Not sure whether it's considered good form to do that in a package. Are you aware of an existing package that sets variables to safe?

@BlueDrink9
Copy link
Author

Oh, my understanding (I am new to elisp) was that it had to be done at variable declaration. That's what #348 seemed to be suggesting, otherwise I was unclear why they didn't do it themselves.

I don't know of any precedent for other packages, but I can go hunting for some. I'm new to emacs though so it might take a while.

@tmalsburg
Copy link
Owner

Oh, my understanding (I am new to elisp) was that it had to be done at variable declaration

To be honest, I'm not sure and reading the relevant Emacs documentation didn't help me. It's also not clear what exactly they mean by "safe". Safe in terms of computer security or safe in terms of the code doesn't break when a buffer can have its own value for the variable.

@BlueDrink9
Copy link
Author

I read it as "safe" in terms of security. In other words, if it were changed to some nefarious string, would it do damage (barring some sort of string overflow exploit or something). The examples on the wiki, from memory, were paths to find elisp code files to run.

For this variable, unless it gets evaled, or the contents of the bibliography get evaled, I would expect it to be safe

@tmalsburg
Copy link
Owner

However, to do so for all possible bibliography paths requires that the user allow all unsafe variables, or ask each time

Question: When I open a file with a local variable value, Emacs asks whether this variable is safe. Possible responses are yes, no, and permanently yes. When I choose the latter, I will not be asked next time. Neither for this file or any other file with that variable. So users have to indicate just once that this variable is safe not every time as you say. I think this is a non-issue then. Or I'm misunderstanding the problem. Could you please clarify? Thanks.

@BlueDrink9
Copy link
Author

Hmm, for me, I thought that permanently yes only applies for the current value, but applies across all sessions rather than just this one. I was being asked once each startup, but that might be something else in my config. Even if it is as you say, it is a nuisance to have to do it for every writing project on every machine, so I think there would definitely still be utility to making this change.

@tmalsburg
Copy link
Owner

Ah, you're right. It's per value. Sorry. In this case, I will ask on the emacs development mailing list what the policy is.

@BlueDrink9
Copy link
Author

Thanks, appreciate it

@tmalsburg
Copy link
Owner

Just pushed a commit that should make bibtex-completion-bibliography safe for local use. Please test.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants