diff options
| author | Craig Jennings <c@cjennings.net> | 2026-05-23 19:51:51 -0500 |
|---|---|---|
| committer | Craig Jennings <c@cjennings.net> | 2026-05-23 19:51:51 -0500 |
| commit | beb6558a7a7a95e54d7cc510e4832bf645950e51 (patch) | |
| tree | a0c44e53eeda304feb78487db3f5350d4cb9956b /modules | |
| parent | c90e8deaef6fe29bce4dab778630e3ba5f1c7956 (diff) | |
| download | dotemacs-beb6558a7a7a95e54d7cc510e4832bf645950e51.tar.gz dotemacs-beb6558a7a7a95e54d7cc510e4832bf645950e51.zip | |
fix(org-babel): confirm babel evaluation by default, toggle on a key
org-babel-config set org-confirm-babel-evaluate to nil globally, so a source block in any Org file (a cloned repo, a downloaded note, a web clip) ran with no prompt. That's arbitrary code execution on opening the wrong file and hitting C-c C-c.
I set the default to t (confirm) and replaced the old babel-confirm command, which only toggled under a prefix arg, with cj/org-babel-toggle-confirm. It flips confirmation off for the session when I'm in trusted files and back on when I'm done, bound to C-; k.
The C-; k binding is a placeholder. I filed a follow-up to give it a permanent Org-prefixed home.
Diffstat (limited to 'modules')
| -rw-r--r-- | modules/org-babel-config.el | 23 |
1 files changed, 12 insertions, 11 deletions
diff --git a/modules/org-babel-config.el b/modules/org-babel-config.el index 2c52ae46..b3a3036a 100644 --- a/modules/org-babel-config.el +++ b/modules/org-babel-config.el @@ -19,7 +19,7 @@ (setq org-src-fontify-natively t) ;; fontify the code in blocks (setq org-src-tab-acts-natively t) ;; tabs act like in language major mode buffer (setq org-src-window-setup 'current-window) ;; don't split window when source editing wih C-c ' - (setq org-confirm-babel-evaluate nil) ;; just evaluate the source code + (setq org-confirm-babel-evaluate t) ;; confirm before running babel; toggle with C-; k (setq org-babel-default-header-args (cons '(:tangle . "yes") (assq-delete-all :tangle org-babel-default-header-args)))) ;; default header args for babel @@ -28,16 +28,17 @@ ;; ------------------- Babel Execution Confirmation Toggle ------------------- ;; org-babel verifies before each execution -(defun babel-confirm (flag) - "Report the setting of `org-confirm-babel-evaluate'. - -If invoked with \[universal-argument], toggle the setting based on FLAG. -FLAG is the raw prefix argument passed interactively." - (interactive "P") - (if (equal flag '(4)) - (setq org-confirm-babel-evaluate (not org-confirm-babel-evaluate))) - (message "Babel evaluation confirmation is %s" - (if org-confirm-babel-evaluate "on" "off"))) +(defun cj/org-babel-toggle-confirm () + "Toggle whether Org babel blocks are confirmed before evaluation. +`org-confirm-babel-evaluate' defaults to t (confirm), which is the safe default +for files from cloned repos, web clips, or downloads. Flip it off for the +session when working in trusted files, and back on when done." + (interactive) + (setq org-confirm-babel-evaluate (not org-confirm-babel-evaluate)) + (message "Babel evaluation confirmation %s" + (if org-confirm-babel-evaluate "ON" "OFF"))) + +(keymap-global-set "C-; k" #'cj/org-babel-toggle-confirm) ;; ---------------------------- Org Babel Languages ---------------------------- |