Thank you for your answers. Charlie Reiman wrote:
There was a discussion of this months ago. There are, IIRC, two big answers.
1) It's easy to write a regexp that sucks down time, above and beyond what you would expect. Since Zope is often used as a general CMF for non technical people, exposing regexes is a bad idea (I don't buy this answer myself...)
2) The python regex package is in C and no one has written the security wrapping code that Zope requires. I'm fuzzy on the details but this answer makes a lot more sense.
Well yes, if regular expressions were a security risk. This seems to be the general notion, but can anyone actually give an example?
Thus the answer is most likely that it is not exposed because no one got around to it. Since the security risk is pretty small and you can easily expose it yourself, I don't think there is much pressure to fix the problem for real.
Guess not. -- Mvh. Tue Wennerberg Civilingeniør og Freelance Udvikler http://tuewennerberg.dk/ - tue@wennerberg.dk - (+45) 4043 6735