projects / emacs.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 50a237c) | patch
org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code
authorIhor Radchenko <yantar92@posteo.net>
Fri, 21 Jun 2024 13:45:25 +0000 (15:45 +0200)
committerStefan Kangas <stefankangas@gmail.com>
Fri, 21 Jun 2024 22:54:36 +0000 (00:54 +0200)
commitc645e1d8205f0f0663ec4a2d27575b238c646c7c
tree0b80f9172defcc30b279718f9742c1732d16a4bctree | snapshot
parent50a237c4689b0531e82d5f731ae7c825f3d43310commit | diff
org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code

* lisp/org/ol.el (org-link-expand-abbrev): Refuse expanding %(...)
link abbrevs that specify unsafe function.  Instead, display a
warning, and do not expand the abbrev.  Clear all the text properties
from the returned link, to avoid any potential vulnerabilities caused
by properties that may contain arbitrary Elisp.
lisp/org/ol.el diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.