Fork of restclient guarding uses of eval
Another IRC user, technomancy, created a fork of restclient today after noticing some evals.
Here's the new repository: https://git.sr.ht/~technomancy/restclient.el
The delta is small, simply guarding these behind options (which can be set up per "trusted" file/buffer). I'm sure he'd be interested in your further thoughts if you happen to be an IRC user; I'm not sure how much work he plans to put into this other than immediately offering "a simple fix" believing the package might be somewhat undermaintained currently.
My understanding is he is still researching to fully understand how the package works and the full (potentially quite narrow) scope of information that could wind up fed to these evals. Unfortunately, it is slightly twisty (and rather undocumented).
Here's the upstream for the fork, focusing on a couple evals discussed on IRC today:
https://github.com/pashky/restclient.el/blob/master/restclient.el#L466-L479
https://github.com/pashky/restclient.el/blob/master/restclient.el#L606-L610
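An added illustration of the general pattern the post describes, an eval that is refused unless a per-buffer option marks the buffer as trusted. This is not code from restclient.el or from the fork; every `demo-rest-*` name is hypothetical and the sample payload is constructed.

```elisp
;;; -*- lexical-binding: t; -*-
;; Hypothetical names throughout; none are taken from restclient.el or the fork.

(defvar-local demo-rest-allow-eval nil
  "Non-nil means elisp embedded in this buffer may be evaluated.
The default is nil, so a freshly opened file starts out untrusted.")

;; Mark the option as risky: with default settings Emacs asks for
;; confirmation before applying it from a file's local variables,
;; so a file cannot quietly declare itself trusted.
(put 'demo-rest-allow-eval 'risky-local-variable t)

(defun demo-rest-eval-guarded (source)
  "Read one elisp form from the string SOURCE and evaluate it.
Signal `user-error' unless the current buffer is marked trusted."
  (unless demo-rest-allow-eval
    (user-error "Embedded elisp blocked in untrusted buffer %s"
                (buffer-name)))
  (eval (car (read-from-string source)) t))

(defun demo-rest-trust-buffer ()
  "Mark the current buffer as trusted after an explicit confirmation."
  (interactive)
  (when (yes-or-no-p "Allow this buffer to evaluate embedded elisp? ")
    (setq-local demo-rest-allow-eval t)))

(defun demo-rest-selftest ()
  "Run the guard in an untrusted and a trusted temp buffer.
Return a list of the two outcomes."
  (let ((payload "(+ 1 2)"))            ; constructed sample input
    (list
     ;; Untrusted buffer: the guard signals before anything is read.
     (with-temp-buffer
       (condition-case err
           (demo-rest-eval-guarded payload)
         (user-error (list 'blocked (error-message-string err)))))
     ;; Trusted buffer: the option is set buffer-locally first.
     (with-temp-buffer
       (setq-local demo-rest-allow-eval t)
       (demo-rest-eval-guarded payload)))))
```

Because the option is buffer-local, trusting one file does not extend to any other buffer in the session.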