|
|
@@ -452,6 +452,7 @@ Miscellaneous
|
|
|
|
|
|
* Completion:: M-TAB knows what you need
|
|
|
* Speed keys:: Electic commands at the beginning of a headline
|
|
|
+* Code evaluation security:: Org mode files evaluate inline code
|
|
|
* Customization:: Adapting Org to your taste
|
|
|
* In-buffer settings:: Overview of the #+KEYWORDS
|
|
|
* The very busy C-c C-c key:: When in doubt, press C-c C-c
|
|
|
@@ -527,41 +528,39 @@ structured ASCII file, as HTML, or (TODO and agenda items only) as an
|
|
|
iCalendar file. It can also serve as a publishing tool for a set of
|
|
|
linked web pages.
|
|
|
|
|
|
-An important design aspect that distinguishes Org from, for example,
|
|
|
-Planner/Muse is that it encourages you to store every piece of information
|
|
|
-only once. In Planner, you have project pages, day pages and possibly
|
|
|
-other files, duplicating some information such as tasks. In Org,
|
|
|
-you only have notes files. In your notes you mark entries as tasks, and
|
|
|
-label them with tags and timestamps. All necessary lists, like a
|
|
|
-schedule for the day, the agenda for a meeting, tasks lists selected by
|
|
|
-tags, etc., are created dynamically when you need them.
|
|
|
+As a project planning environment, Org works by adding metadata to outline
|
|
|
+nodes. Based on this data, specific entries can be extracted in queries and
|
|
|
+create dynamic @i{agenda views}.
|
|
|
+
|
|
|
+Org mode contains the Org Babel environment which allows to work with
|
|
|
+embedded source code block in a file, to facilitate code evaluation,
|
|
|
+documentation, and tangling.
|
|
|
+
|
|
|
+Org's automatic, context-sensitive table editor with spreadsheet
|
|
|
+capabilities can be integrated into any major mode by activating the
|
|
|
+minor Orgtbl mode. Using a translation step, it can be used to maintain
|
|
|
+tables in arbitrary file types, for example in La@TeX{}. The structure
|
|
|
+editing and list creation capabilities can be used outside Org with
|
|
|
+the minor Orgstruct mode.
|
|
|
|
|
|
Org keeps simple things simple. When first fired up, it should
|
|
|
feel like a straightforward, easy to use outliner. Complexity is not
|
|
|
imposed, but a large amount of functionality is available when you need
|
|
|
-it. Org is a toolbox and can be used in different ways, for
|
|
|
-example as:
|
|
|
+it. Org is a toolbox and can be used in different ways and for different
|
|
|
+ends, for example:
|
|
|
|
|
|
@example
|
|
|
@r{@bullet{} an outline extension with visibility cycling and structure editing}
|
|
|
@r{@bullet{} an ASCII system and table editor for taking structured notes}
|
|
|
-@r{@bullet{} an ASCII table editor with spreadsheet-like capabilities}
|
|
|
@r{@bullet{} a TODO list editor}
|
|
|
@r{@bullet{} a full agenda and planner with deadlines and work scheduling}
|
|
|
@pindex GTD, Getting Things Done
|
|
|
@r{@bullet{} an environment in which to implement David Allen's GTD system}
|
|
|
-@r{@bullet{} a basic database application}
|
|
|
@r{@bullet{} a simple hypertext system, with HTML and La@TeX{} export}
|
|
|
@r{@bullet{} a publishing tool to create a set of interlinked webpages}
|
|
|
@r{@bullet{} an environment for literate programming}
|
|
|
@end example
|
|
|
|
|
|
-Org's automatic, context-sensitive table editor with spreadsheet
|
|
|
-capabilities can be integrated into any major mode by activating the
|
|
|
-minor Orgtbl mode. Using a translation step, it can be used to maintain
|
|
|
-tables in arbitrary file types, for example in La@TeX{}. The structure
|
|
|
-editing and list creation capabilities can be used outside Org with
|
|
|
-the minor Orgstruct mode.
|
|
|
|
|
|
@cindex FAQ
|
|
|
There is a website for Org which provides links to the newest
|
|
|
@@ -12199,6 +12198,7 @@ emacsclient \
|
|
|
@menu
|
|
|
* Completion:: M-TAB knows what you need
|
|
|
* Speed keys:: Electic commands at the beginning of a headline
|
|
|
+* Code evaluation security:: Org mode files evaluate inline code
|
|
|
* Customization:: Adapting Org to your taste
|
|
|
* In-buffer settings:: Overview of the #+KEYWORDS
|
|
|
* The very busy C-c C-c key:: When in doubt, press C-c C-c
|
|
|
@@ -12270,7 +12270,7 @@ Elsewhere, complete dictionary words using Ispell.
|
|
|
@end itemize
|
|
|
@end table
|
|
|
|
|
|
-@node Speed keys, Customization, Completion, Miscellaneous
|
|
|
+@node Speed keys, Code evaluation security, Completion, Miscellaneous
|
|
|
@section Speed keys
|
|
|
@cindex speed keys
|
|
|
@vindex org-use-speed-commands
|
|
|
@@ -12288,7 +12288,58 @@ or on a small mobile device with a limited keyboard.
|
|
|
To see which commands are available, activate the feature and press @kbd{?}
|
|
|
with the cursor at the beginning of a headline.
|
|
|
|
|
|
-@node Customization, In-buffer settings, Speed keys, Miscellaneous
|
|
|
+@node Code evaluation security, Customization, Speed keys, Miscellaneous
|
|
|
+@section Code evaluation and security issues
|
|
|
+
|
|
|
+Org files can contain embedded code snippets in many programming languages.
|
|
|
+Org mode provides tool ti work with hte code snippets, and that includes
|
|
|
+evaluation.
|
|
|
+
|
|
|
+Running code on your machine always comes with a security risk. Badly
|
|
|
+written or malicious code can be executed on purpose or by accident. Org has
|
|
|
+default settings which will only evaluate such code if you give explicit
|
|
|
+permission to do so, and as a casual user of these features you should levae
|
|
|
+these precautions intact.
|
|
|
+
|
|
|
+For people who regularly work with such code, the confirmation prompts can
|
|
|
+become annoying, and you might want to turn them off. This can be done, but
|
|
|
+you must be aware of the risks that are involved.
|
|
|
+
|
|
|
+Code evaluation can happen under the following circumstances
|
|
|
+
|
|
|
+@table @i
|
|
|
+@item Source code blocks
|
|
|
+Source code blocks can be evaluated during export, or when pressing @kbd{C-c
|
|
|
+C-c} in the block. @b{Security advice:} The most important thing to realize
|
|
|
+here is that Org mode files which contain code snippets are in a certain
|
|
|
+sense like executable files. So you should accept them and load them into
|
|
|
+Emacs only from trusted sources - just like you would do with a program you
|
|
|
+install on your computer.
|
|
|
+
|
|
|
+Make sure you know what you are doing before customizing the variables
|
|
|
+which take of the default security brakes.
|
|
|
+
|
|
|
+@defopt org-confirm-babel-evaluate
|
|
|
+?????????????????????
|
|
|
+@end defopt
|
|
|
+
|
|
|
+@defopt org-not-evluation-with-C-c-C-c
|
|
|
+
|
|
|
+@item Following @code{shell} and @code{elisp} links
|
|
|
+Org has two link types that can directly evaluate code (@pxref{External
|
|
|
+links}). These links can be problematic because the code to be evaluated his
|
|
|
+not visible. @b{Security advice:} Do not use these links, use source code
|
|
|
+blocks which make the associated actions much more transparent.
|
|
|
+
|
|
|
+@item Formulas in tables
|
|
|
+Formulas in tables (@pxref{The spreadsheet}) are code that is evaluated
|
|
|
+either by the @i{calc} interpreter, or by the @i{Emacs Lisp} interpreter.
|
|
|
+@b{Security advice:} If you get a file from an untrusted source, do not
|
|
|
+update tables without looking at complex formulas.
|
|
|
+@end table
|
|
|
+
|
|
|
+
|
|
|
+@node Customization, In-buffer settings, Code evaluation security, Miscellaneous
|
|
|
@section Customization
|
|
|
@cindex customization
|
|
|
@cindex options, for customization
|
Carsten Dominik