org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code

* lisp/org/ol.el (org-link-expand-abbrev): Refuse expanding %(...)
link abbrevs that specify unsafe function.  Instead, display a
warning, and do not expand the abbrev.  Clear all the text properties
from the returned link, to avoid any potential vulnerabilities caused
by properties that may contain arbitrary Elisp.

0 files changed, 0 insertions, 0 deletions