diff options
author | Antero Mejr <antero@mailbox.org> | 2023-05-09 20:51:14 +0000 |
---|---|---|
committer | Eli Zaretskii <eliz@gnu.org> | 2023-05-11 16:33:16 +0300 |
commit | f24ea84f430d5ae6fd3fa5373610551f62ce25be (patch) | |
tree | 47901040117df1160679509917493bf6825b9dc7 /doc | |
parent | 44c2befb4a36391f17ee8f3539dee7be62df89f0 (diff) | |
download | emacs-f24ea84f430d5ae6fd3fa5373610551f62ce25be.tar.gz |
Add safe-local-variable-directories variable.
This variable can be set to automatically load risky dir-local
variables from a list of trusted directories.
* lisp/emacs-lisp/files.el (safe-local-variable-directories,
hack-local-variables-filter, hack-local-variables-confirm): New
variable and associated logic.
* test/lisp/files-tests.el
(files-tests-safe-local-variable-directories): Add tests for same.
* doc/emacs/custom.texi (Safe File Variables): Add documentation for
same.
* doc/lispref/variables.texi (File Local Variables): Add documentation
for same.
* etc/NEWS (Lisp Changes in Emacs 30.1): Add news entry for
same. (Bug#61901)
Diffstat (limited to 'doc')
-rw-r--r-- | doc/emacs/custom.texi | 22 | ||||
-rw-r--r-- | doc/lispref/variables.texi | 12 |
2 files changed, 34 insertions, 0 deletions
diff --git a/doc/emacs/custom.texi b/doc/emacs/custom.texi index 87290734cc9..2ddd39be31f 100644 --- a/doc/emacs/custom.texi +++ b/doc/emacs/custom.texi @@ -1328,6 +1328,13 @@ pairs in the file, by typing @kbd{i} at the confirmation prompt -- these pairs will thereafter be ignored in this file and in all other files. + For directory-local variable/value pairs +(@pxref{Directory Variables}), typing @kbd{+} at the confirmation +prompt will set all the variable/value pairs, and recognize all +variables in that directory as safe in the future. This option should +only be used for directories whose contents you trust. The @kbd{+} +confirmation prompt option is not available for file-local variables. + @vindex safe-local-variable-values @vindex ignored-local-variable-values @cindex risky variable @@ -1344,6 +1351,21 @@ record safe values for risky variables, do it directly by customizing Similarly, if you want to record values of risky variables that should be permanently ignored, customize @code{ignored-local-variable-values}. +@vindex safe-local-variable-directories + Sometimes it is helpful to always trust risky variables in a certain +directory, and skip the confirmation prompt when directory-local +variables are loaded there. When @kbd{+} is pressed at the risky +variable confirmation prompt, the directory in question is added to +the @samp{safe-local-variable-directories} variable, and risky +directory-local variables there will be loaded without prompting in +the future. If customizing @samp{safe-local-variable-directories} +manually, the directories in this list must be fully-expanded absolute +paths that end in a directory separator character. Directory paths +may be remote directory paths (@pxref{Remote Files}), if the +@code{enable-remote-dir-locals} variable is set to @code{t}. +Directory paths in this list are case-sensitive, even if the +filesystem is not. + @vindex enable-local-variables The variable @code{enable-local-variables} allows you to change the way Emacs processes local variables. Its default value is @code{t}, diff --git a/doc/lispref/variables.texi b/doc/lispref/variables.texi index eadb5c36de6..52a94db3703 100644 --- a/doc/lispref/variables.texi +++ b/doc/lispref/variables.texi @@ -1977,6 +1977,18 @@ this can be controlled by using this variable, which is a list of symbols. @end defvar +@defvar safe-local-variable-directories +This is a list of directories where local variables are always +enabled. Directory-local variables loaded from these directories, +such as the variables in @file{.dir-locals.el}, will be enabled even +if they are risky. The directories in this list must be +fully-expanded absolute paths that end in a directory separator +character. They may also be remote directory paths if the +@code{enable-remote-dir-locals} variable is set to @code{t}. +Directory paths in this list are case-sensitive, even if the +filesystem is not. +@end defvar + @defun hack-local-variables &optional handle-mode This function parses, and binds or evaluates as appropriate, any local variables specified by the contents of the current buffer. The variable |