Disable execution of unsafe Lisp by Enriched Text mode
commit a103dbe36022cd2454eaeed96def1c777c049762
author Eli Zaretskii <eliz@gnu.org>
Sat, 16 Sep 2017 09:45:24 +0000 (16 12:45 +0300)
committer Eli Zaretskii <eliz@gnu.org>
Sat, 16 Sep 2017 09:45:24 +0000 (16 12:45 +0300)
tree a3455f3e0ef50b9bbc1085c3199b4434851ebf35
parent 6d6dc246f93486fc8370399b6e1af8a17f371e4f
Disable execution of unsafe Lisp by Enriched Text mode

* src/xdisp.c (handle_display_spec): If the display property is
wrapped in 'disable-eval' form, disable Lisp evaluation while
processing this property.
(handle_single_display_spec): Accept new argument ENABLE_EVAL_P.
If that argument is false, don't evaluate Lisp while processing
display properties.

* lisp/textmodes/enriched.el
(enriched-allow-eval-in-display-props): New defcustom.
(enriched-decode-display-prop): If
enriched-allow-eval-in-display-props is nil, wrap the display
property with 'disable-eval' to disable Lisp evaluation when the
display property is processed for display.  (Bug#28350)
* lisp/gnus/mm-view.el (mm-inline-text): Re-enable processing of
enriched text.

* doc/lispref/display.texi (Display Property): Document the
'disable-eval' wrapping of 'display' properties.
* doc/emacs/text.texi (Enriched Properties): Document
'enriched-allow-eval-in-display-props'.

* etc/NEWS: Describe the security issues with Enriched Text mode
and their solution.
doc/emacs/text.texi
doc/lispref/display.texi
etc/NEWS
lisp/gnus/mm-view.el
lisp/textmodes/enriched.el
src/xdisp.c