* Info Catalog Prev elisp: Declaring Functions Up elisp: Functions Next elisp: Related Topics

elisp: Function Safety

 
 12.16 Determining whether a Function is Safe to Call
 ====================================================
 
 Some major modes, such as SES, call functions that are stored in user
 files.  (See(ses)Top, for more information on SES.)  User files
 sometimes have poor pedigrees—you can get a spreadsheet from someone
 you’ve just met, or you can get one through email from someone you’ve
 never met.  So it is risky to call a function whose source code is
 stored in a user file until you have determined that it is safe.
 
  -- Function: unsafep form &optional unsafep-vars
      Returns ‘nil’ if FORM is a “safe” Lisp expression, or returns a
      list that describes why it might be unsafe.  The argument
      UNSAFEP-VARS is a list of symbols known to have temporary bindings
      at this point; it is mainly used for internal recursive calls.  The
      current buffer is an implicit argument, which provides a list of
      buffer-local bindings.
 
    Being quick and simple, ‘unsafep’ does a very light analysis and
 rejects many Lisp expressions that are actually safe.  There are no
 known cases where ‘unsafep’ returns ‘nil’ for an unsafe expression.
 However, a safe Lisp expression can return a string with a ‘display’
 property, containing an associated Lisp expression to be executed after
 the string is inserted into a buffer.  This associated expression can be
 a virus.  In order to be safe, you must delete properties from all
 strings calculated by user code before inserting them into buffers.
* Info Catalog Prev elisp: Declaring Functions Up elisp: Functions Next elisp: Related Topics