Evan Simpson <evan@digicool.com> wrote:
----- Original Message ----- From: Tres Seaver <tseaver@palladion.com>
That 'leaves.update(..)' is a really ugly workaround to the fact that PythonMethods won't allow the "natural" dictionary manipulation: 'leaves[ leaf.id ] = leaf'. While I understand not wanting to allow key replacement in "global" dictionaries, can we lose this restriction for "local" ones?
Yes we can, provided you code carefully. See my PROPOSAL: in Zope-dev a few weeks ago.
(OTOH, we need to look at potential security issues around the use of update(), too).
Too true. Any exposed list or dict needs a sharp examination.
Cheers,
Evan @ digicool
Hmm, maybe we need to wrap any "global" dictionary / list in a "readonly decorator", and let lists/dictionaries declared locally be the "normal" ones.

Actually, looking at the stock Python UserDict, we could just wrap any dictionary exposed inside a PythonMethod (DTML, too?) in a UserDict: its __init__() method already makes a (shallow) copy of the dictionary passed to it. Any key assignments done would thus be localized (although mutable values inside the source dictionary could still be munged).

Tres.
--
=========================================================
Tres Seaver  tseaver@palladion.com  713-523-6582
Palladion Software  http://www.palladion.com
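
The UserDict wrapping and the "readonly decorator" discussed in this thread, as an added example that is not part of the original messages and is not Zope code. It assumes a modern Python: types.MappingProxyType stands in for the read-only wrapper, the deepcopy variant is an extra shown only for comparison, and make_shared, script_body and audit are hypothetical names.

```python
import copy
from collections import UserDict
from types import MappingProxyType


def make_shared():
    # Constructed sample standing in for a "global" dictionary.
    return {"leaf1": {"title": "original"}}


def script_body(view):
    """Constructed stand-in for script code: try three kinds of write."""
    attempts = (
        ("assign", lambda: view.__setitem__("leaf2", {"title": "added"})),
        ("update", lambda: view.update({"leaf3": {"title": "added"}})),
        ("nested", lambda: view["leaf1"].__setitem__("title", "munged")),
    )
    allowed = {}
    for name, action in attempts:
        try:
            action()
            allowed[name] = True
        except (TypeError, AttributeError):
            # The read-only proxy exposes no __setitem__ or update().
            allowed[name] = False
    return allowed


def audit(wrap):
    """Run the script against wrap(shared) and report what reached shared."""
    shared = make_shared()
    allowed = script_body(wrap(shared))
    return {
        "allowed": allowed,
        "keys_leaked": sorted(shared) != ["leaf1"],
        "value_munged": shared["leaf1"]["title"] != "original",
    }


WRAPPERS = {
    "UserDict (shallow copy)": UserDict,
    "read-only proxy": MappingProxyType,
    "UserDict over deepcopy": lambda d: UserDict(copy.deepcopy(d)),
}

if __name__ == "__main__":
    for label, wrap in WRAPPERS.items():
        print(label, audit(wrap))
```

Both the shallow UserDict copy and the read-only proxy keep key changes out of the shared dictionary, yet both still hand out the original mutable values; only the deep copy isolates those.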