17.13 Code Evaluation and Security Issues

Unlike plain text, running code comes with risk. Each source code block, in terms of risk, is equivalent to an executable file. Org therefore puts a few confirmation prompts by default. This is to alert the casual user from accidentally running untrusted code.

For users who do not run code blocks or write code regularly, Org’s default settings should suffice. However, some users may want to tweak the prompts for fewer interruptions. To weigh the risks of automatic execution of code blocks, here are some details about code evaluation.

Org evaluates code in the following circumstances:

Source code blocks

Org evaluates source code blocks in an Org file during export. Org also evaluates a source code block with the C-c C-c key chord. Users exporting or running code blocks must load files only from trusted sources. Be wary of customizing variables that remove or alter default security measures.

User Option: org-confirm-babel-evaluate

When t, Org prompts the user for confirmation before executing each code block. When nil, Org executes code blocks without prompting the user for confirmation. When this option is set to a custom function, Org invokes the function with these two arguments: the source code language and the body of the code block. The custom function must return either a t or nil, which determines if the user is prompted. Each source code language can be handled separately through this function argument.

For example, here is how to execute ditaa code blocks without prompting:

(defun my-org-confirm-babel-evaluate (lang body)
  (not (string= lang "ditaa")))  ;don't ask for ditaa
(setq org-confirm-babel-evaluate #'my-org-confirm-babel-evaluate)
Following ‘shell’ and ‘elisp’ links

Org has two link types that can directly evaluate code (see External Links). Because such code is not visible, these links have a potential risk. Org therefore prompts the user when it encounters such links. The customization variables are:

Function that prompts the user before executing a shell link.

Function that prompts the user before executing an Emacs Lisp link.

Formulas in tables

Formulas in tables (see The Spreadsheet) are code that is evaluated either by the Calc interpreter, or by the Emacs Lisp interpreter.