From ab968e5a59c8f5fbd56daf6c07a6ef1a7f7976df Mon Sep 17 00:00:00 2001
From: Eshel Yaron <me@eshelyaron.com>
Date: Tue, 8 Apr 2025 07:29:50 +0200
Subject: [PATCH] (trusted-content-p): Check buffer-file-name, not truename

---
 lisp/files.el | 28 +++++++++++++---------------
 1 file changed, 13 insertions(+), 15 deletions(-)

diff --git a/lisp/files.el b/lisp/files.el
index 6423413357e..68abe814f4b 100644
--- a/lisp/files.el
+++ b/lisp/files.el
@@ -735,27 +735,25 @@ should note that this value must never be set by a major or minor mode."
   "Return non-nil if we trust the contents of the current buffer.
 Here, \"trust\" means that we are willing to run code found inside of it.
 See also `trusted-content'."
-  ;; We compare with `buffer-file-truename' i.s.o `buffer-file-name'
-  ;; to try and avoid marking as trusted a file that's merely accessed
-  ;; via a symlink that happens to be inside a trusted dir.
   (and (not untrusted-content)
        (or
         (eq trusted-content :all)
         (and
-         buffer-file-truename
+         (or vc-followed-link buffer-file-name)
          (with-demoted-errors "trusted-content-p: %S"
-           (let ((exists (file-exists-p buffer-file-truename)))
-             (let ((file (abbreviate-file-name buffer-file-truename))
-                   (trusted nil))
+           (let* ((file (expand-file-name (or vc-followed-link buffer-file-name)))
+                  (exists (file-exists-p file)))
+             (catch 'ball
                (dolist (tf trusted-content)
-                 (when (or (if exists (file-equal-p tf file) (equal tf file))
-                           ;; We don't use `file-in-directory-p' here, because
-                           ;; we want to err on the conservative side: "guilty
-                           ;; until proven innocent".
-                           (and (string-suffix-p "/" tf)
-                                (string-prefix-p tf file)))
-                   (setq trusted t)))
-               trusted)))))))
+                 (let ((ef (expand-file-name tf)))
+                   (and
+                    (or (if exists (file-equal-p ef file) (equal ef file))
+                        ;; We don't use `file-in-directory-p' here,
+                        ;; because we want to err on the conservative
+                        ;; side: "guilty until proven innocent".
+                        (and (string-suffix-p "/" ef)
+                             (string-prefix-p ef file)))
+                    (throw 'ball t)))))))))))
 
 (defcustom enable-local-eval nil
   "Control processing of the \"variable\" `eval' in a file's local variables.
-- 
2.39.5