This patch changes lib/python/DocumentTemplate/DT_HTML.py so that you can use paths for traversal in DTML entity syntax. The delimiter is ':', as it is valid as part of an XML entity, but not valid as part of a Zope object id. You can use &dtml-:foo:bar; to ensure that traversal occurs from the root object. This patch is against Zope 2.2.1b1. It relies on the restrictedTraverse() api. A 2.1.x version would be possible, but would be rather messy. -- Steve Alexander Software Engineer Cat-Box limited http://www.cat-box.net *** DT_HTML.py.old --- DT_HTML.py *************** *** 98,104 **** end_match=regex.compile('[\0- ]*\(/\|end\)', regex.casefold).match, start_search=regex.compile('[<&]').search, ! ent_name=regex.compile('[-a-zA-Z0-9_.]+').match, find=find, strip=strip, replace=replace, --- 98,104 ---- end_match=regex.compile('[\0- ]*\(/\|end\)', regex.casefold).match, start_search=regex.compile('[<&]').search, ! ent_name=regex.compile('[-a-zA-Z0-9_.:]+').match, find=find, strip=strip, replace=replace, *************** *** 156,162 **** d[1]=d['end']='' d[2]=d['name']='var' d[0]=text[s:e+1] ! d[3]=d['args']=args+' html_quote' return s else: nn=find(args,'-') --- 156,165 ---- d[1]=d['end']='' d[2]=d['name']='var' d[0]=text[s:e+1] ! d[3]=d['args']=':' in args \ ! and '"_.render(restrictedTraverse(\''+ \ ! replace(args,':','/')+'\'))" html_quote' \ ! or args+' html_quote' return s else: nn=find(args,'-') *************** *** 164,171 **** d[1]=d['end']='' d[2]=d['name']='var' d[0]=text[s:e+1] ! args=(args[nn+1:]+' '+ ! replace(args[:nn],'.',' ')) d[3]=d['args']=args return s --- 167,178 ---- d[1]=d['end']='' d[2]=d['name']='var' d[0]=text[s:e+1] ! path=args[nn+1:] ! args=(':' in path ! and '"_.render(restrictedTraverse(\''+ ! replace(path,':','/')+'\'))" ' ! or path+' ') \ ! +replace(args[:nn],'.',' ') d[3]=d['args']=args return s