author Craig Jennings <c@cjennings.net> 2024-04-07 13:41:34 -0500
committer Craig Jennings <c@cjennings.net> 2024-04-07 13:41:34 -0500
commit 754bbf7a25a8dda49b5d08ef0d0443bbf5af0e36
tree f1190704f78f04a2b0b4c977d20fe96a828377f1 /devdocs/elisp/function-safety.html
new repository
Diffstat (limited to 'devdocs/elisp/function-safety.html')
-rw-r--r-- devdocs/elisp/function-safety.html 8
1 files changed, 8 insertions, 0 deletions
diff --git a/devdocs/elisp/function-safety.html b/devdocs/elisp/function-safety.html
new file mode 100644
index 00000000..fb7c29ad
--- /dev/null
+++ b/devdocs/elisp/function-safety.html
@@ -0,0 +1,8 @@
+ <h3 class="section">Determining whether a Function is Safe to Call</h3> <p>Some major modes, such as SES, call functions that are stored in user files. (See <a href="https://www.gnu.org/software/emacs/manual/html_node/ses/index.html#Top">(ses)Simple Emacs Spreadsheet</a>, for more information on SES.) User files sometimes have poor pedigrees—you can get a spreadsheet from someone you’ve just met, or you can get one through email from someone you’ve never met. So it is risky to call a function whose source code is stored in a user file until you have determined that it is safe. </p> <dl> <dt id="unsafep">Function: <strong>unsafep</strong> <em>form &amp;optional unsafep-vars</em>
+</dt> <dd><p>Returns <code>nil</code> if <var>form</var> is a <em>safe</em> Lisp expression, or returns a list that describes why it might be unsafe. The argument <var>unsafep-vars</var> is a list of symbols known to have temporary bindings at this point; it is mainly used for internal recursive calls. The current buffer is an implicit argument, which provides a list of buffer-local bindings. </p></dd>
+</dl> <p>Being quick and simple, <code>unsafep</code> does a very light analysis and rejects many Lisp expressions that are actually safe. There are no known cases where <code>unsafep</code> returns <code>nil</code> for an unsafe expression. However, a safe Lisp expression can return a string with a <code>display</code> property, containing an associated Lisp expression to be executed after the string is inserted into a buffer. This associated expression can be a virus. In order to be safe, you must delete properties from all strings calculated by user code before inserting them into buffers. </p><div class="_attribution">
+ <p class="_attribution-p">
+ Copyright &copy; 1990-1996, 1998-2022 Free Software Foundation, Inc. <br>Licensed under the GNU GPL license.<br>
+ <a href="https://www.gnu.org/software/emacs/manual/html_node/elisp/Function-Safety.html" class="_attribution-link">https://www.gnu.org/software/emacs/manual/html_node/elisp/Function-Safety.html</a>
+ </p>
+</div>
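Review bot: The added page does not record which Emacs release it was copied from; the only provenance in the `_attribution` block is the copyright range "1990-1996, 1998-2022" and the upstream URL. That matters for the sentence "There are no known cases where unsafep returns nil for an unsafe expression", which is a statement about one particular version of `unsafep` and can go stale in a vendored copy. Suggest recording the source Emacs version next to the attribution link (or at least in the commit message, which currently says only "new repository"), so a reader relying on this page to decide whether user-file code is safe to evaluate can tell how current the guarantee and the `display`-property caveat are.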