by metroholografix 731 days ago
These bugs can be described as the major or minor mode evaluating code that is provided as part of the buffer that the mode is being enabled for. The two semi-recent examples that come to mind include Org (which offers this code evaluation as a feature) and text/enriched (which allowed arbitrary Lisp evaluation through a non-standard extension). In both of these cases, the evaluation was -somewhat- intended and even documented, so these are not bugs in the traditional definition. They become security bugs when one takes into account the exposed attack surface / dynamic interaction with parts of Emacs automatically switching on the mode (e.g. through an email in Gnus) on 3rd party untrusted input.

I don't expect to see code evaluation on untrusted input as intended features in web browser or chat modes.

> I don't expect to see code evaluation on untrusted input as intended features in web browser

I'm not sure whether to laugh or cry at that. Suffice to say that ship has sailed all the way around the world several times, to the great detriment of everyone who isn't an advertising or other malware-development corporation.

There's no JS interpreter in EWW [1]. If you're forced to use a different browser, having JS off by default is not hard to get used to.

[1] https://www.gnu.org/software/emacs/manual/html_node/eww/Over...

But surely someone out there will make a code highlighter for EWW, and maybe that highlighter calls org-mode on some block and that ends up evaluating stuff etc.