Trim and explain set of safe forms for 'unsafep' (bug#44018)
* lisp/emacs-lisp/unsafep.el:
Add comment explaining the policy for which forms can be considered
'safe' in the sense of unsafep. Remove ones that didn't make the cut:
play-sound-file (large attack surface)
catch, throw (alter program flow, inject data)
replace-regexp-in-string (execute arbitary code)
error, signal (deceptive messages)
* test/lisp/emacs-lisp/unsafep-tests.el (unsafep-tests--unsafe):
Add test cases.
* etc/NEWS: Announce the change.
projects / emacs.git / commit