We have not had any issues nor heard of any. Since Hyperbole allows you to see what a button will do before activating it, if you use an unfamiliar button or button type, it is your responsibility to check it our before activating it in case you ever run into a malicious actor.
On Tue, May 11, 2021 at 1:28 PM Jean Louis <[email protected]> wrote: > As I am using heavily `eval' in my rcd-template package for template > interpolation, and people complain, like I should minimize it, but I > have no other way around it, I would like to ask if there were ever > any practical negative consequences by Hyperbole using `eval'? > > It is if I guess well, decades old package, but maybe I am wrong, > decades are passing quickly. > > How I see it here, it is frequently used. Of course, it allows > execution of any Lisp expression by various means. > > But were there any problematic issues ever? > > I believe that code is well written, and I don't refer to code, I > rather ask if anybody complained or if anything practical, like users' > data was reported to be destroyed by incorrect `eval'. > > grep --color=auto -nH -e "(eval " *.el > hact.el:412: (eval (cons action args)) > hact.el:413: (eval action)) > hact.el:447: (eval act) > hact.el:448: (eval action)) > hactypes.el:52: (let ((result (eval bool-expr))) > hactypes.el:65: (eval lisp-expr)) > hargs.el:267: (eval not-quoted)) > hargs.el:272: (eval not-quoted)) > hargs.el:509: (eval iform)) > hbmap.el:97: (eval form) > hbut.el:655: (eval `(ebut:program label actype ,@args)))))) > hmail.el:118: (eval expr) > hmouse-drv.el:845: pred-value (eval pred)) > hmouse-drv.el:849: (eval hkey-action)) > hmouse-drv.el:864: (or (setq pred-value (eval (car hkey-form))) > hsmail.el:83: (let ((comment (eval (or comment-form smail:comment)))) > hui-mini.el:136: (while (and show-menu (eval set-menu)) > hui-mini.el:156: rtn (eval act-form)))))) > hui-mini.el:185: (while (and show-menu (eval set-menu)) > hui-mouse.el:1476: (eval lisp-form)) > hui-window.el:867: (setq w1-ref (eval (cadr (assq > major-mode hmouse-drag-item-mode-forms)))) > hui-window.el:1239: (eval (cdr (assoc (hyperb:window-system) > hui-window.el:1257: (let ((y (eval (cdr (assoc (hyperb:window-system) > hycontrol.el:771: (eval expr)))) > hycontrol.el:792: (not (eval (cons 'or > (hycontrol-display-buffer-predicate-results buf))))) > hycontrol.el:795: (eval (cons 'or > (hycontrol-display-buffer-predicate-results buf)))))) > hycontrol.el:1683: ((eval predicate) > hypb.el:58: (eval predicate) > hypb.el:326: (eval (append > hyrolo-logic.el:127: (setq total-matches (eval (read expr)))) > hyrolo-logic.el:203: (let ((result (eval sexp))) > > > I use: Editor: GNU Emacs 28.0.50 (build 1, x86_64-pc-linux-gnu, X > toolkit, cairo version 1.17.4, Xaw3d scroll bars) > > Hyperbole: 8.0.0pre > Sys Type: x86_64-pc-linux-gnu > OS Type: gnu/linux > Window Sys: x > News Reader: Gnus v5.13 > > -- > Thanks, > Jean Louis > > Take action in Free Software Foundation campaigns: > https://www.fsf.org/campaigns > > >
