[Charlie Reiman]
I want to have a DTML method that has this in it:
<dtml-let var1="'avalue'"> <dtml-var myscript> </dtml-let>
And a python script call myscript that does something like:
print mysterious_voodoo.getitem('var1')
The right text for mysterious_voodoo eludes me. How do I access dtml-let
set
variables from a python script context? Is it possible?
Passing the argument as a named keyword is something I want to avoid as there is a security issue with allowing users to type in URLs like
You can still use named keywords and positional parameters, just don't use them right from the URL query string. Construct and test them yourself - as you seem to be doing anyway - then you can use them safely. Conversely, if var1 comes directly from the URL query string, it could do damage no matter how you transfer it to a script. Cheers, Tom P