This is just a follow up to see if anyone have insights on this matter. Thanks
Ruiyang > On Oct 14, 2020, at 1:18 PM, 吴锐扬 <ywwr...@gmail.com> wrote: > > Hi, > > I have org-confirm-babel-evaluate set to t by default. With this, I expect to > be queried with the execution of every code block or lob call. However, this > does not happen when exporting lob calls (to latex for example). Here is an > example: > ______________________________________ > > 1. Exporting code block (with evaluation) > #+name: foo > #+begin_src emacs-lisp :exports both > (message "hello world!") > #+end_src > > When exporting this to latex, I get queried as expected. And there is no way > to suppress the query unless I change org-confirm-babel-evaluate to nil. > > 2. Exporting lob call > #+name: foo > #+begin_src emacs-lisp > (message "hello world!") > #+end_src > > #+call: foo() > > When exporting this to latex, I don’t get queried. This seems dangerous to me. > ______________________________________ > > I find it hard to explain this inconsistency. If org-confirm-babel-evaluate > is designed to be a protective layer, then a user might export an org file > that includes malicious code along with a lob call, while unawarely execute > that code without being warned. This seems to defeat the purpose of > org-confirm-babel-evaluate. > > As I searched the archive, I found this change was introduced in the > following thread: > https://lists.gnu.org/archive/html/emacs-orgmode/2013-04/msg00764.html > > + (let (org-confirm-babel-evaluate) > + (org-babel-execute-src-block nil info)))))))))) > > Do you think this is the intended behavior of org-confirm-babel-evaluate, or > am I missing something? > > Thanks, > Ruiyang >