From beb6558a7a7a95e54d7cc510e4832bf645950e51 Mon Sep 17 00:00:00 2001
From: Craig Jennings
Date: Sat, 23 May 2026 19:51:51 -0500
Subject: fix(org-babel): confirm babel evaluation by default, toggle on a key org-babel-config set org-confirm-babel-evaluate to nil globally, so a source block in any Org file (a cloned repo, a downloaded note, a web clip) ran with no prompt. That's arbitrary code execution on opening the wrong file and hitting C-c C-c. I set the default to t (confirm) and replaced the old babel-confirm command, which only toggled under a prefix arg, with cj/org-babel-toggle-confirm. It flips confirmation off for the session when I'm in trusted files and back on when I'm done, bound to C-; k. The C-; k binding is a placeholder. I filed a follow-up to give it a permanent Org-prefixed home.
---
 modules/org-babel-config.el | 23 ++++++++++++-----------
 1 file changed, 12 insertions(+), 11 deletions(-) (limited to 'modules')
diff --git a/modules/org-babel-config.el b/modules/org-babel-config.el
index 2c52ae46..b3a3036a 100644
--- a/modules/org-babel-config.el
+++ b/modules/org-babel-config.el
@@ -19,7 +19,7 @@
 (setq org-src-fontify-natively t) ;; fontify the code in blocks
 (setq org-src-tab-acts-natively t) ;; tabs act like in language major mode buffer
 (setq org-src-window-setup 'current-window) ;; don't split window when source editing wih C-c '
- (setq org-confirm-babel-evaluate nil) ;; just evaluate the source code
+ (setq org-confirm-babel-evaluate t) ;; confirm before running babel; toggle with C-; k
 (setq org-babel-default-header-args (cons '(:tangle . "yes") (assq-delete-all :tangle org-babel-default-header-args)))) ;; default header args for babel
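Review bot: The new inline comment on the `org-confirm-babel-evaluate` line hard-codes the key `C-; k`, which the commit message itself calls a placeholder, so the comment goes stale as soon as the binding moves; name the command instead, e.g. `;; confirm before running babel; toggle with cj/org-babel-toggle-confirm`. This variable gates Babel source-block evaluation only; `elisp:` and `shell:` links are confirmed through `org-link-elisp-confirm-function` and `org-link-shell-confirm-function`, which this hunk does not show, so it is worth checking that the rest of the config does not set them to nil. The form enclosing these `setq` calls starts outside the hunk.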
@@ -28,16 +28,17 @@
 ;; ------------------- Babel Execution Confirmation Toggle -------------------
 ;; org-babel verifies before each execution
-(defun babel-confirm (flag)
- "Report the setting of `org-confirm-babel-evaluate'.
-
-If invoked with \[universal-argument], toggle the setting based on FLAG.
-FLAG is the raw prefix argument passed interactively."
- (interactive "P")
- (if (equal flag '(4))
- (setq org-confirm-babel-evaluate (not org-confirm-babel-evaluate)))
- (message "Babel evaluation confirmation is %s"
- (if org-confirm-babel-evaluate "on" "off")))
+(defun cj/org-babel-toggle-confirm ()
+ "Toggle whether Org babel blocks are confirmed before evaluation.
+`org-confirm-babel-evaluate' defaults to t (confirm), which is the safe default
+for files from cloned repos, web clips, or downloads. Flip it off for the
+session when working in trusted files, and back on when done."
+ (interactive)
+ (setq org-confirm-babel-evaluate (not org-confirm-babel-evaluate))
+ (message "Babel evaluation confirmation %s"
+ (if org-confirm-babel-evaluate "ON" "OFF")))
+
+(keymap-global-set "C-; k" #'cj/org-babel-toggle-confirm)
 ;; ---------------------------- Org Babel Languages ----------------------------
-- cgit v1.2.3
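Review bot: `cj/org-babel-toggle-confirm` flips the global value with `setq`, so turning confirmation off for one trusted file turns it off for every Org buffer until it is toggled back, and an untrusted file opened in the meantime evaluates without a prompt again. Scoping the override to the current buffer keeps the safe default everywhere else: `(setq-local org-confirm-babel-evaluate (not org-confirm-babel-evaluate))`, with the message extended to say "in this buffer"; this assumes Babel reads the variable in the Org buffer where evaluation is requested, which is worth confirming. Alternatively `org-confirm-babel-evaluate` accepts a function of the block's language and body, which could return nil only for files under a list of trusted directories. The docstring should also state that the setting stays off until the command is run again. If Org may not yet be loaded when `C-; k` is pressed, the command presumably fails with a void-variable error, since it reads the variable before Org defines it.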