Should evaluating code blocks require and executable md file?

Question

Should evaluating code blocks require and executable md file?

Closed this issue 5 months ago · 3 comments

vext01 commented 5 months ago

Describe the bug

I notice that triple tilde blocks require +x on the md file, but triple backtick blocks don't.

In the interest of security, should triple backticks require +x too?

Thanks

Answer 1 · 2024-04-16T14:45:04.000Z

Hey! No, since the triple backticks are only executed if the user presses a keybind, so that would be the equivalent to the user accepting the consequences for running the command. Whereas triple tildes are run automatically (the user might not have read all of the code) so we explicitly ask for them to make it executable just as a precaution.

Answer 2 · 2024-04-16T14:50:51.000Z

Fair enough.

I do think that #191 is a good idea though.

Answer 3 · 2024-04-16T14:51:47.000Z

Yep, agreed!