From xemacs-m  Wed Feb 19 04:11:49 1997
Received: from mgate.uni-hannover.de (mgate.uni-hannover.de [130.75.2.3])
	by xemacs.org (8.8.5/8.8.5) with SMTP id EAA28796
	for <xemacs-beta@xemacs.org>; Wed, 19 Feb 1997 04:11:48 -0600 (CST)
Received: from helios (actually helios.tnt.uni-hannover.de) by mgate 
          with SMTP (PP); Wed, 19 Feb 1997 11:09:59 +0100
Received: from daedalus.tnt.uni-hannover.de by helios (SMI-8.6/SMI-SVR4) 
          id LAA09940; Wed, 19 Feb 1997 11:09:14 +0100
Received: by daedalus.tnt.uni-hannover.de (SMI-8.6/SMI-SVR4) id LAA29130;
          Wed, 19 Feb 1997 11:09:11 +0100
Date: Wed, 19 Feb 1997 11:09:11 +0100
Message-Id: <199702191009.LAA29130@daedalus.tnt.uni-hannover.de>
From: Heiko Muenkel <muenkel@tnt.uni-hannover.de>
To: wmperry@aventail.com
Cc: steve@miranova.com, xemacs-beta@xemacs.org
Subject: Re: Safe elisp functions?
In-Reply-To: <199702172345.PAA23641@newman>
References: <199702172311.PAA23394@newman> <m2zpx356pc.fsf@altair.xemacs.org> <199702172345.PAA23641@newman>
Mime-Version: 1.0 (generated by tm-edit 7.90)
Content-Type: text/plain; charset=US-ASCII

>>>>> "William" == William M Perry <wmperry@aventail.com> writes:

    William> Steven L. Baur writes:
    >> Take it out, now.

    William>   Whatever for?  It's harmless right now.  Only danger is
    William> bad choice of 'safe' functions (which must be explicitly
    William> listed), which are pretty restrictive right now.  Pretty
    William> much all you can do is say 'Hello there' in the
    William> minibuffer right now.

    William>   Mainly a proof-of-concept until I finish writing my
    William> javascript interpreter in emacs-lisp.

    William> -Bill P.

I understand the problems Steven has with this, but I think you should
do it. Don't enable it by default, and display a warning message that
can't be overlooked if it is enabled. You should also think about a way
to use PGP to check whether you get the HTML page from a well-known secure
site. It may also be a good idea to have the choice of enabling it for
file links and disabling it for http links or only for a list of http
links.

And by the way, I don't think that javascript is secure. Java is
(hopefully :-) but javascript is not.
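
The gating suggested in this message, combined with the explicit list of safe functions from the quoted text, as an added Emacs Lisp illustration; it is not code from the thread or from XEmacs. All `demo-` names, the sample host and the blocking prompt standing in for the warning are assumptions, and the PGP origin check is not covered.

```elisp
;; Added illustration; every demo- name is hypothetical.
(defvar demo-embedded-lisp-enabled nil
  "Master switch for running Lisp embedded in pages.  Off by default.")
(defvar demo-allow-file-links t
  "When non-nil, pages loaded through file: links may run embedded forms.")
(defvar demo-trusted-http-hosts '("intranet.example")
  "Constructed sample list of http hosts that may run embedded forms.")
(defvar demo-safe-functions '(message concat format)
  "Explicit list of functions a page is allowed to call.")

(defun demo-source-allowed-p (url)
  "Return non-nil if the page at URL may run embedded forms."
  (cond
   ((not demo-embedded-lisp-enabled) nil)
   ((string-match "\\`file:" url) demo-allow-file-links)
   ;; The host must end at an optional numeric port and then a slash or
   ;; end of string, so "http://intranet.example:x@other.example/" fails.
   ((string-match "\\`http://\\([^/:@?#]+\\)\\(:[0-9]+\\)?\\(/\\|\\'\\)" url)
    (and (member (downcase (match-string 1 url)) demo-trusted-http-hosts) t))
   (t nil)))                            ; unknown schemes are refused

(defun demo-args-safe-p (args)
  "Return non-nil if ARGS is a proper list of safe forms."
  (cond ((null args) t)
        ((consp args) (and (demo-form-safe-p (car args))
                           (demo-args-safe-p (cdr args))))
        (t nil)))                       ; dotted list

(defun demo-form-safe-p (form)
  "Return non-nil if FORM contains only constants and listed function calls."
  (cond
   ((or (stringp form) (numberp form) (null form) (eq form t)) t)
   ((consp form)
    (and (memq (car form) demo-safe-functions)
         (demo-args-safe-p (cdr form))))
   (t nil)))                            ; variable reads and other objects

(defun demo-maybe-eval (url form)
  "Evaluate FORM from the page at URL only if every check passes.
Return the symbol `refused' otherwise."
  (if (and (demo-source-allowed-p url)
           (demo-form-safe-p form)
           (yes-or-no-p (format "Page %s wants to run Lisp.  Allow? " url)))
      (eval form)
    'refused))
```

With the defaults, `(demo-maybe-eval "file:/tmp/page.html" '(message "Hello there"))` returns `refused` without prompting, because the master switch is off; a form such as `(delete-file "x")` is refused even when the switch is on.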

