Mark bibliography path variables as safe for local

Question

Mark bibliography path variables as safe for local

BlueDrink9 opened this issue 3 years ago · 9 comments

#348 showcases the usefulness of setting the bibliography as a local variable. However, to do so for all possible bibliography paths requires that the user allow all unsafe variables, or ask each time. Otherwise, emacs will ignore the "unsafe local variable".

An alternative would be to mark the bibliography and other path variables as safe.
This link seems to show how to do so
https://stackoverflow.com/questions/19806176/in-emacs-how-do-i-make-a-local-variable-safe-to-be-set-in-a-file-for-all-possibl

Answer 1 · 2021-09-22T08:23:25.000Z

Good idea but I think this may be something the user is supposed to configure. Not sure whether it's considered good form to do that in a package. Are you aware of an existing package that sets variables to safe?

Answer 2 · 2021-09-22T22:52:32.000Z

Oh, my understanding (I am new to elisp) was that it had to be done at variable declaration. That's what #348 seemed to be suggesting, otherwise I was unclear why they didn't do it themselves.

I don't know of any precedent for other packages, but I can go hunting for some. I'm new to emacs though so it might take a while.

Answer 3 · 2021-09-23T08:43:02.000Z

Oh, my understanding (I am new to elisp) was that it had to be done at variable declaration

To be honest, I'm not sure and reading the relevant Emacs documentation didn't help me. It's also not clear what exactly they mean by "safe". Safe in terms of computer security or safe in terms of the code doesn't break when a buffer can have its own value for the variable.

Answer 4 · 2021-09-23T20:26:06.000Z

I read it as "safe" in terms of security. In other words, if it were changed to some nefarious string, would it do damage (barring some sort of string overflow exploit or something). The examples on the wiki, from memory, were paths to find elisp code files to run.

For this variable, unless it gets evaled, or the contents of the bibliography get evaled, I would expect it to be safe

Answer 5 · 2021-10-01T13:36:14.000Z

However, to do so for all possible bibliography paths requires that the user allow all unsafe variables, or ask each time

Question: When I open a file with a local variable value, Emacs asks whether this variable is safe. Possible responses are yes, no, and permanently yes. When I choose the latter, I will not be asked next time. Neither for this file or any other file with that variable. So users have to indicate just once that this variable is safe not every time as you say. I think this is a non-issue then. Or I'm misunderstanding the problem. Could you please clarify? Thanks.

Answer 6 · 2021-10-04T02:06:18.000Z

Hmm, for me, I thought that permanently yes only applies for the current value, but applies across all sessions rather than just this one. I was being asked once each startup, but that might be something else in my config. Even if it is as you say, it is a nuisance to have to do it for every writing project on every machine, so I think there would definitely still be utility to making this change.

Answer 7 · 2021-10-04T07:36:50.000Z

Ah, you're right. It's per value. Sorry. In this case, I will ask on the emacs development mailing list what the policy is.

Answer 8 · 2021-10-07T02:57:47.000Z

Thanks, appreciate it

Answer 9 · 2021-10-19T13:07:07.000Z

Just pushed a commit that should make bibtex-completion-bibliography safe for local use. Please test.