Should evaluating code blocks require and executable md file?
Closed this issue · 3 comments
vext01 commented
Describe the bug
I notice that triple tilde blocks require +x on the md file, but triple backtick blocks don't.
In the interest of security, should triple backticks require +x too?
Thanks
maaslalani commented
Hey! No, since the triple backticks are only executed if the user presses a keybind, so that would be the equivalent to the user accepting the consequences for running the command. Whereas triple tildes are run automatically (the user might not have read all of the code) so we explicitly ask for them to make it executable just as a precaution.
maaslalani commented
Yep, agreed!