Martijn Faassen wrote:
Shane Hathaway wrote:
There certainly ought to be a way to create an unrestricted PageTemplateFile, though it should be an explicit step.
That is a good suggestion. I'd like that option. It would also be a potential performance benefit.
On the other hand, in situations where the PageTemplate designers are *not* security conscious (they're designers, not primarily programmers) the option of explicit checks is useful.
PageTemplateFile is a class used by Product authors, just like DTMLFile. If you can write a product, you are either security conscious or your product is worthless.
--
Jamie Heilman http://audible.transient.net/~jamie/
"I was in love once -- a Sinclair ZX-81. People said, "No, Holly, she's not for you." She was cheap, she was stupid and she wouldn't load -- well, not for me, anyway." -Holly