From beb6558a7a7a95e54d7cc510e4832bf645950e51 Mon Sep 17 00:00:00 2001
From: Craig Jennings <c@cjennings.net>
Date: Sat, 23 May 2026 19:51:51 -0500
Subject: fix(org-babel): confirm babel evaluation by default, toggle on a key

org-babel-config set org-confirm-babel-evaluate to nil globally, so a source block in any Org file (a cloned repo, a downloaded note, a web clip) ran with no prompt. That's arbitrary code execution on opening the wrong file and hitting C-c C-c.

I set the default to t (confirm) and replaced the old babel-confirm command, which only toggled under a prefix arg, with cj/org-babel-toggle-confirm. It flips confirmation off for the session when I'm in trusted files and back on when I'm done, bound to C-; k.

The C-; k binding is a placeholder. I filed a follow-up to give it a permanent Org-prefixed home.
---
 tests/test-org-babel-config.el | 35 +++++++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)
 create mode 100644 tests/test-org-babel-config.el

(limited to 'tests')

diff --git a/tests/test-org-babel-config.el b/tests/test-org-babel-config.el
new file mode 100644
index 00000000..b62a9422
--- /dev/null
+++ b/tests/test-org-babel-config.el
@@ -0,0 +1,35 @@
+;;; test-org-babel-config.el --- Tests for babel confirmation toggle -*- lexical-binding: t; -*-
+
+;;; Commentary:
+;; Covers cj/org-babel-toggle-confirm, which flips `org-confirm-babel-evaluate'
+;; between t (the safe default — confirm before running a block) and nil, and
+;; the C-; k binding that invokes it.
+
+;;; Code:
+
+(require 'ert)
+(require 'org-babel-config)
+
+;; org defines this as a defcustom, but org is not loaded in batch; declare it
+;; special here so the let-bindings below are dynamic.
+(defvar org-confirm-babel-evaluate t)
+
+(ert-deftest test-org-babel-toggle-confirm-flips-from-t-to-nil ()
+  "Normal: toggling when confirmation is on turns it off."
+  (let ((org-confirm-babel-evaluate t))
+    (cj/org-babel-toggle-confirm)
+    (should-not org-confirm-babel-evaluate)))
+
+(ert-deftest test-org-babel-toggle-confirm-flips-from-nil-to-t ()
+  "Normal: toggling when confirmation is off turns it on."
+  (let ((org-confirm-babel-evaluate nil))
+    (cj/org-babel-toggle-confirm)
+    (should (eq t org-confirm-babel-evaluate))))
+
+(ert-deftest test-org-babel-toggle-confirm-bound-to-key ()
+  "Smoke: C-; k invokes the toggle command."
+  (should (eq (keymap-lookup (current-global-map) "C-; k")
+              #'cj/org-babel-toggle-confirm)))
+
+(provide 'test-org-babel-config)
+;;; test-org-babel-config.el ends here
-- 
cgit v1.2.3