emacs: Safe File Variables
51.2.4.2 Safety of File Variables
.................................

File-local variables can be dangerous; when you visit someone else’s
file, there’s no telling what its local variables list could do to your
Emacs. Improper values of the ‘eval’ “variable”, and other variables
such as ‘load-path’, could execute Lisp code you didn’t intend to run.

Therefore, whenever Emacs encounters file local variable values that
are not known to be safe, it displays the file’s entire local variables
list, and asks you for confirmation before setting them. You can type
‘y’ or <SPC> to put the local variables list into effect, or ‘n’ to
ignore it. When Emacs is run in batch mode (see Initial Options),
it can’t really ask you, so it assumes the answer ‘n’.

Emacs normally recognizes certain variable/value pairs as safe. For
instance, it is safe to give ‘comment-column’ or ‘fill-column’ any
integer value. If a file specifies only known-safe variable/value
pairs, Emacs does not ask for confirmation before setting them.
Otherwise, you can tell Emacs to record all the variable/value pairs in
this file as safe, by typing ‘!’ at the confirmation prompt. When Emacs
encounters these variable/value pairs subsequently, in the same file or
others, it will assume they are safe.

Some variables, such as ‘load-path’, are considered particularly
“risky”: there is seldom any reason to specify them as local variables,
and changing them can be dangerous. If a file contains only risky local
variables, Emacs neither offers nor accepts ‘!’ as input at the
confirmation prompt. If some of the local variables in a file are
risky, and some are only potentially unsafe, you can enter ‘!’ at the
prompt. It applies all the variables, but only marks the non-risky ones
as safe for the future. If you really want to record safe values for
risky variables, do it directly by customizing
‘safe-local-variable-values’ (see Easy Customization).

The variable ‘enable-local-variables’ allows you to change the way
Emacs processes local variables. Its default value is ‘t’, which
specifies the behavior described above. If it is ‘nil’, Emacs simply
ignores all file local variables. ‘:safe’ means use only the safe
values and ignore the rest. Any other value says to query you about
each file that has local variables, without trying to determine whether
the values are known to be safe.

The variable ‘enable-local-eval’ controls whether Emacs processes
‘eval’ variables. The three possibilities for the variable’s value are
‘t’, ‘nil’, and anything else, just as for ‘enable-local-variables’.
The default is ‘maybe’, which is neither ‘t’ nor ‘nil’, so normally
Emacs does ask for confirmation about processing ‘eval’ variables.

As an exception, Emacs never asks for confirmation to evaluate any
‘eval’ form if that form occurs within the variable
‘safe-local-eval-forms’.
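
The settings described above, as a conservative init-file fragment with a
helper that reviews what has already been recorded as trusted. This is an
added example, not text from the Emacs manual; the function name
‘my/audit-local-variable-trust’ is hypothetical, and ‘risky-local-variable-p’
is the standard Emacs predicate for variables marked risky.

```elisp
;;; Added example, not taken from the Emacs manual or sources.

;; Apply only variable/value pairs already known to be safe and drop
;; the rest without prompting, so an untrusted file can never get a
;; reflexive `y' or `!'.
(setq enable-local-variables :safe)

;; Ignore `eval' entries in local variables lists entirely.
(setq enable-local-eval nil)

(defun my/audit-local-variable-trust ()
  "Return what has been recorded as trusted for file-local variables.
Each element is (KIND . DATA): `risky-value' for an entry of
`safe-local-variable-values' whose variable is `eval' or is marked
risky, and `eval-form' for each member of `safe-local-eval-forms'."
  (interactive)
  (let (findings)
    ;; Pairs stored by typing `!' at the prompt or by customization.
    (dolist (pair safe-local-variable-values)
      (when (or (eq (car pair) 'eval)
                (risky-local-variable-p (car pair)))
        (push (cons 'risky-value pair) findings)))
    ;; Forms that are evaluated with no confirmation at all.
    (dolist (form safe-local-eval-forms)
      (push (cons 'eval-form form) findings))
    (setq findings (nreverse findings))
    (when (called-interactively-p 'interactive)
      (message "%d trusted entries to review: %S"
               (length findings) findings))
    findings))
```

Run ‘M-x my/audit-local-variable-trust’ after a period of answering ‘!’ at
prompts, and remove anything unexpected by customizing
‘safe-local-variable-values’ or ‘safe-local-eval-forms’.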