shouldnt this prevent that? def dictify(p): """ Since the FeedParser returns a dictionary-like class instance, rather than a real dictionary, We must iterate through all nested instances and convert them to dicts to avoid security problems within Zope. I have no idea *why* feedparser doesn't just use real nested dicts in the first place. """ newdict = {} if type(p) in [types.DictionaryType, types.InstanceType]: d = p # for clarity for k,v in d.items(): newdict[k] = dictify(v) elif type(p) == types.ListType: l = p # for clarity for ss,v in zip(xrange(len(l)), l): l[ss] = dictify(v) return l else: return p return newdict On Jun 15, 2007, at 11:49 AM, Andreas Jung wrote:
--On 15. Juni 2007 11:45:49 -0400 Tom Von Lahndorff <tom@modscape.com> wrote:
<dtml-let news="newsfeed(feedurl='http://www.modscape.com/blog/ rss.xml')">
<dtml-var "news.feed.href">
</dtml-let>
gives:
Site Error
An error was encountered while publishing this resource.
Error Type: Unauthorized Error Value: You are not allowed to access 'feed' in this context
Likely because the module has no security assertions. All your stuff runs under the conditions of Restricted Python. The standard Zope security applies.
-aj