I've been thinking about submitting some changes to PythonMethods, but now that they're going to be part of Zope, I thought I should put the idea out for discussion first. A minor annoying side-effect of the safety restrictions on PMs is that you can't manipulate local data structures directly. For example, if you create a dictionary or list to hold some objects, you can't scan through and delete items from it. You have to build a new list or dict instead. I think it should be possible to safely allow some normally illegal operations as long as Zope can verify that you created the target object. When a PythonMethod compiles its code, the following steps would take place: 1. A dict flagging local names as 'safe' or 'unsafe' (0 or 1) is created, defaulting to 'safe' for all. 2. When a local variable is set to a list or dict literal (BUILD_LIST or BUILD_MAP sequence followed by STORE_FAST) the variable name is left alone. 3. When a local variable is set to anything else the name is flagged 'unsafe'. 4. Index and slice assignment and deletion are allowed on a bare name if the name is still flagged 'safe' at the end. This isn't by any means smart enough to allow all 'safe' cases to be allowed, but it will never let you perform an 'unsafe' operation. It provides just enough leeway for you to create local lists and dicts and do whatever you want to them, so long as you keep them in a local variable. The allowed operations in (4) are, more formally, STORE_SUBSCR, DELETE_SUBSCR, STORE_SLICE*, and DELETE_SLICE* where the first operand is the result of a LOAD_FAST of a 'safe' name. Thoughts? Evan @ 4-am