Regular expressions should be allowed by default. I've spent some time trying to find out why regular expressions are not allowed in Zope throught-the-web development. The answer I hear is: "Because it's a security issue". Digging a little deeper, it turns out to be because TTW script developers can cause a Denial of Service from Zope by writing a particular nasty regular expression in a script, causing Zope to use 100% cpu time. So it's a question of trust. But surely a script developer can be trusted not to cause a DoS on the site he's working on! Script developers should be empowered, not crippled! Some common objections: "People can just write an external scripts instead." - True, but it also makes everyday work much more cumbersome. And some script developers don't have access to the file system. Surely, TTW scripts exist to make life easier for site developers. "The administrator can allow the 're' module." Also true, but some people won't do that because they think it will expose their site to all kind of attacks from anonymous users. This isn't the case (or is it?). So there it is. I'm writing this because I think that Zope is missing out on a great feature, and because I haven't gotten any answers indicating that there are other (worse) reasons why regular expressions are banned. Am I wrong? Am I being silly here? Sincerely, Tue Wennerberg Civilingeniør og Freelance Udvikler http://tuewennerberg.dk/ - tue@wennerberg.dk - (+45) 4043 6735