Hi,

I have org-confirm-babel-evaluate set to t by default. With this, I expect to 
be queried with the execution of every code block or lob call. However, this 
does not happen when exporting lob calls (to latex for example). Here is an 
example:
______________________________________

1. Exporting code block (with evaluation)
#+name: foo
#+begin_src emacs-lisp :exports both
  (message "hello world!")
#+end_src

When exporting this to latex, I get queried as expected. And there is no way to 
suppress the query unless I change org-confirm-babel-evaluate to nil.

2. Exporting lob call
#+name: foo
#+begin_src emacs-lisp
  (message "hello world!")
#+end_src

#+call: foo()

When exporting this to latex, I don’t get queried. This seems dangerous to me.
______________________________________

I find it hard to explain this inconsistency. If org-confirm-babel-evaluate is 
designed to be a protective layer, then a user might export an org file that 
includes malicious code along with a lob call, and unknowingly execute that 
code without being warned. This seems to defeat the purpose of 
org-confirm-babel-evaluate.

As I searched the archive, I found this change was introduced in the following 
thread: https://lists.gnu.org/archive/html/emacs-orgmode/2013-04/msg00764.html

+             (let (org-confirm-babel-evaluate)
+               (org-babel-execute-src-block nil info))))))))))
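
Review bot: the (let (org-confirm-babel-evaluate) ...) wrapper on the first added line binds the variable to nil for the whole org-babel-execute-src-block call, so a user setting of t is ignored here and no query is shown. Consider dropping the let so the user's value applies, or binding it only when the user has explicitly opted out of confirmation for this path, and document the exception in the variable's docstring if it has to stay.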

Do you think this is the intended behavior of org-confirm-babel-evaluate, or am 
I missing something?

Thanks,
Ruiyang
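
An added example, not part of the original message and not Org's own code: a local guard that lists every #+call: line and inline call before an export and asks once, so the gap described above does not run code silently. The my/ names are hypothetical, and the example assumes org-export-before-processing-hook runs before Babel processes the buffer.

```emacs-lisp
;; Added example; the my/ functions are hypothetical, not part of Org mode.
(require 'org)
(require 'org-element)
(require 'ox)
(require 'subr-x)                       ; string-trim on older Emacs

(defun my/org-list-babel-calls ()
  "Return (LINE . TEXT) for each #+call: line and inline call in the buffer."
  (org-element-map (org-element-parse-buffer)
      '(babel-call inline-babel-call)
    (lambda (el)
      ;; Skip affiliated keywords such as #+name: when they are present.
      (let ((beg (or (org-element-property :post-affiliated el)
                     (org-element-property :begin el))))
        (cons (line-number-at-pos beg)
              (string-trim
               (buffer-substring-no-properties
                beg (org-element-property :end el))))))))

(defun my/org-confirm-calls-before-export (_backend)
  "Ask once before an export whose buffer contains lob calls.
Signal `user-error' to abort the export when the user declines."
  ;; Any non-nil value (t or a predicate function) means the user wants
  ;; to be asked, so the guard prompts in both cases.
  (when org-confirm-babel-evaluate
    (let ((calls (my/org-list-babel-calls)))
      (when (and calls
                 (not (yes-or-no-p
                       (format "Buffer contains %d lob call(s): %s. Export? "
                               (length calls)
                               (mapconcat
                                (lambda (c)
                                  (format "line %d: %s" (car c) (cdr c)))
                                calls "; ")))))
        (user-error "Export aborted: lob calls not confirmed")))))

;; Assumption: this hook runs before Babel evaluates the export copy.
;; Calls pulled in through #+INCLUDE are expanded later and are not seen.
(add-hook 'org-export-before-processing-hook
          #'my/org-confirm-calls-before-export)
```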

