git.eshelyaron.com Git - emacs.git/commit

]> git.eshelyaron.com Git - emacs.git/commit

author	Ihor Radchenko <yantar92@posteo.net>
	Fri, 21 Jun 2024 13:45:25 +0000 (15:45 +0200)
committer	Eshel Yaron <me@eshelyaron.com>
	Sat, 22 Jun 2024 20:37:12 +0000 (22:37 +0200)
commit	327e09c2f743c0cf977e275ea2e863e7f52eda0c
tree	ab817309f18c404bf8ecb430c3fcba8465dbd17b	tree \| snapshot
parent	948fc6a1e96132847cf8055bbb0697620876aefa	commit \| diff

org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code

* lisp/org/ol.el (org-link-expand-abbrev): Refuse expanding %(...)
link abbrevs that specify unsafe function. Instead, display a
warning, and do not expand the abbrev. Clear all the text properties
from the returned link, to avoid any potential vulnerabilities caused
by properties that may contain arbitrary Elisp.

(cherry picked from commit c645e1d8205f0f0663ec4a2d27575b238c646c7c)

lisp/org/ol.el

diff | blob | history

Unnamed repository; edit this file 'description' to name the repository.

RSS Atom