org-latex-preview: Add protection when `untrusted-content' is non-nil

* lisp/org.el (org--latex-preview-when-risky): New variable
controlling how to handle LaTeX previews in Org files from untrusted
origin.
(org-latex-preview): Consult `org--latex-preview-when-risky' before
generating previews.

This patch adds a layer of protection when LaTeX preview is requested
for an email attachment, where `untrusted-content' is set to non-nil.
This commit is contained in:
Ihor Radchenko 2024-02-20 12:47:24 +03:00
parent 003ddacf1c
commit 03635a3355
No known key found for this signature in database
GPG Key ID: 6470762A7DA11D8B
1 changed files with 19 additions and 0 deletions

View File

@ -1136,6 +1136,24 @@ the following lines anywhere in the buffer:
:package-version '(Org . "8.0")
:type 'boolean)
(defvar untrusted-content) ; defined in files.el
(defvar org--latex-preview-when-risky nil
"If non-nil, enable LaTeX preview in Org buffers from unsafe source.
Some specially designed LaTeX code may generate huge pdf or log files
that may exhaust disk space.
This variable controls how to handle LaTeX preview when rendering LaTeX
fragments that originate from incoming email messages. It has no effect
when Org mode is unable to determine the origin of the Org buffer.
An Org buffer is considered to be from unsafe source when the
variable `untrusted-content' has a non-nil value in the buffer.
If this variable is non-nil, LaTeX previews are rendered unconditionally.
This variable may be renamed or changed in the future.")
(defcustom org-insert-mode-line-in-empty-file nil
"Non-nil means insert the first line setting Org mode in empty files.
When the function `org-mode' is called interactively in an empty file, this
@ -15693,6 +15711,7 @@ fragments in the buffer."
(interactive "P")
(cond
((not (display-graphic-p)) nil)
((and untrusted-content (not org--latex-preview-when-risky)) nil)
;; Clear whole buffer.
((equal arg '(64))
(org-clear-latex-preview (point-min) (point-max))