Addendum: Security Consideration

The local variables list is a potential security hole, exposing the user to "Trojan horse" attacks. Imagine a variable setting that causes Emacs to behave in an unexpected way; or an eval that has unexpected side-effects, like deleting files or forging email in your name. All an attacker has to do is entice you to visit a file with such a setting in its local variables list. As soon as you visit the file, the code is executed.

The way to protect yourself is to put

(setq enable-local-variables 'query)

in your .emacs. This causes Emacs to present any local variables list to you for inspection before executing it. There's also enable-local-eval, specifically controlling the eval pseudovariable.

Get Writing GNU Emacs Extensions now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.