Unlike plain text, running code comes with risk. Each ‘src’ code block, in terms of risk, is equivalent to an executable file. Org therefore puts a few confirmation prompts by default. This is to alert the casual user from accidentally running untrusted code.
For users who do not run code blocks or write code regularly, Org’s default settings should suffice. However, some users may want to tweak the prompts for fewer interruptions. To weigh the risks of automatic execution of code blocks, here are some details about code evaluation.
Org evaluates code in the following circumstances:
Org evaluates ‘src’ code blocks in an Org file during export. Org also evaluates a ‘src’ code block with the C-c C-c key chord. Users exporting or running code blocks must load files only from trusted sources. Be wary of customizing variables that remove or alter default security measures.
t, Org prompts the user for confirmation before executing each
code block. When
nil, Org executes code blocks without prompting the
user for confirmation. When this option is set to a custom function, Org
invokes the function with these two arguments: the source code language and
the body of the code block. The custom function must return either a
nil, which determines if the user is prompted. Each
source code language can be handled separately through this function
For example, this function enables execution of ‘ditaa’ code +blocks without prompting:
(defun my-org-confirm-babel-evaluate (lang body) (not (string= lang "ditaa"))) ; don't ask for ditaa (setq org-confirm-babel-evaluate 'my-org-confirm-babel-evaluate)
Org has two link types that can also directly evaluate code (see External links). Because such code is not visible, these links have a potential risk. Org therefore prompts the user when it encounters such links. The customization variables are:
Function that prompts the user before executing a shell link.
Function that prompts the user before executing an Emacs Lisp link.
Org executes formulas in tables (see The spreadsheet) either through the calc or the Emacs Lisp interpreters.