emacs/lisp/org, branch show Emacs is the extensible, customizable, self-documenting real-time display editor. org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code 2024-06-21T22:54:36+00:00 Ihor Radchenko 2024-06-21T13:45:25+00:00 c645e1d8205f0f0663ec4a2d27575b238c646c7c * lisp/org/ol.el (org-link-expand-abbrev): Refuse expanding %(...) link abbrevs that specify unsafe function. Instead, display a warning, and do not expand the abbrev. Clear all the text properties from the returned link, to avoid any potential vulnerabilities caused by properties that may contain arbitrary Elisp. 
* lisp/org/ol.el (org-link-expand-abbrev): Refuse expanding %(...)
link abbrevs that specify unsafe function.  Instead, display a
warning, and do not expand the abbrev.  Clear all the text properties
from the returned link, to avoid any potential vulnerabilities caused
by properties that may contain arbitrary Elisp.
org--confirm-resource-safe: Fix prompt when prompting in non-file Org buffers 2024-03-24T12:41:26+00:00 Ihor Radchenko 2024-02-23T09:56:58+00:00 7a5d7be52c5f0690ee47f30bfad973827261abf2 * lisp/org/org.el (org--confirm-resource-safe): When called from non-file buffer, do not put stray "f" in the prompt. 
* lisp/org/org.el (org--confirm-resource-safe): When called from
non-file buffer, do not put stray "f" in the prompt.
org-file-contents: Consider all remote files unsafe 2024-03-24T12:41:10+00:00 Ihor Radchenko 2024-02-20T11:59:20+00:00 2bc865ace050ff118db43f01457f95f95112b877 * lisp/org/org.el (org-file-contents): When loading files, consider all remote files (like TRAMP-fetched files) unsafe, in addition to URLs. 
* lisp/org/org.el (org-file-contents): When loading files, consider all
remote files (like TRAMP-fetched files) unsafe, in addition to URLs.
org-latex-preview: Add protection when `untrusted-content' is non-nil 2024-03-24T12:40:48+00:00 Ihor Radchenko 2024-02-20T09:47:24+00:00 6f9ea396f49cbe38c2173e0a72ba6af3e03b271c * lisp/org/org.el (org--latex-preview-when-risky): New variable controlling how to handle LaTeX previews in Org files from untrusted origin. (org-latex-preview): Consult `org--latex-preview-when-risky' before generating previews. This patch adds a layer of protection when LaTeX preview is requested for an email attachment, where `untrusted-content' is set to non-nil. 
* lisp/org/org.el (org--latex-preview-when-risky): New variable
controlling how to handle LaTeX previews in Org files from untrusted
origin.
(org-latex-preview): Consult `org--latex-preview-when-risky' before
generating previews.

This patch adds a layer of protection when LaTeX preview is requested
for an email attachment, where `untrusted-content' is set to non-nil.
org-macro--set-templates: Prevent code evaluation 2024-03-24T12:38:48+00:00 Ihor Radchenko 2024-02-20T09:19:46+00:00 befa9fcaae29a6c9a283ba371c3c5234c7f644eb * lisp/org/org-macro.el (org-macro--set-templates): Get rid of any risk to evaluate code when `org-macro--set-templates' is called as a part of major mode initialization. This way, no code evaluation is ever triggered when user merely opens the file or when `mm-display-org-inline' invokes Org major mode to fontify mime part preview in email messages. 
* lisp/org/org-macro.el (org-macro--set-templates): Get rid of any
risk to evaluate code when `org-macro--set-templates' is called as a
part of major mode initialization.  This way, no code evaluation is
ever triggered when user merely opens the file or when
`mm-display-org-inline' invokes Org major mode to fontify mime part
preview in email messages.
org: Fix security prompt for downloading remote resource 2024-02-17T17:31:28+00:00 Ihor Radchenko 2024-02-02T19:59:41+00:00 e56f0ef51bfdd0e03e817670754bc813fb3702a2 * lisp/org.el (org--confirm-resource-safe): Do not assume that resource is safe when user replies "n" (do not download). Reported-by: Max Nikulin <manikulin@gmail.com> Link: https://orgmode.org/list/upj6uk$b7o$1@ciao.gmane.io 
* lisp/org.el (org--confirm-resource-safe): Do not assume that
resource is safe when user replies "n" (do not download).

Reported-by: Max Nikulin <manikulin@gmail.com>
Link: https://orgmode.org/list/upj6uk$b7o$1@ciao.gmane.io
Revert "Update to Org 9.6.19" 2024-02-17T16:53:05+00:00 Eli Zaretskii 2024-02-17T16:53:05+00:00 65ba3274652a4dac37f41f872330e391cd511ae1 This reverts commit 07a392f445eb21c5e4681027eee9d981300a4309. It was installed by mistake. 
This reverts commit 07a392f445eb21c5e4681027eee9d981300a4309.
It was installed by mistake.
Update to Org 9.6.19 2024-02-17T15:17:41+00:00 Kyle Meyer 2024-02-17T15:17:41+00:00 07a392f445eb21c5e4681027eee9d981300a4309 






; Fix typos in symbol names
2024-01-14T14:16:54+00:00

Stefan Kangas

2024-01-14T13:56:06+00:00

725a3f32f8ba78ac5fffcd03be5b82cbc2c1b275












Improve two docstrings in ox-latex
2024-01-14T13:52:17+00:00

Stefan Kangas

2024-01-14T13:52:17+00:00

6653ee66ca5ebd42322613a09d4c0d2e35af924b

* lisp/org/ox-latex.el (org-latex-src-block-backend)
(org-latex-engraved-theme): Improve docstring; mention that
engrave-faces is a GNU ELPA package.





* lisp/org/ox-latex.el (org-latex-src-block-backend)
(org-latex-engraved-theme): Improve docstring; mention that
engrave-faces is a GNU ELPA package.