Hello, I have a site where people can upload arbitrary html to view it. I do not want these users to be able to execute dtml. I have turned off all permissions for the anonymous users except for view and access contents, but dtml is still evaluated in these html files. Is it possible to suppress all evaluation of content and just act as a web server for certain areas or for certain files? Thnx, VanL
Hi- Simply prevent them from making any file type other than "File". File objects which are text or html should automatically be editable in the ZMI just like DTML Documents/Methods. Do note, however, that File objects will NOT have any way to pick up a standard header or footer, as <dtml-var> tags are ignored. HTH, --Quentin On Wednesday, July 10, 2002, at 02:22 PM, VanL wrote:
Hello,
I have a site where people can upload arbitrary html to view it. I do not want these users to be able to execute dtml. I have turned off all permissions for the anonymous users except for view and access contents, but dtml is still evaluated in these html files.
Is it possible to suppress all evaluation of content and just act as a web server for certain areas or for certain files?
Thnx,
VanL
Don't upload the files as DTML. Instead, upload them as File objects with MIME type of text/html. That should do the trick. Depending on how they upload the data, you might need to make a PUT factory to insure uploaded data gets the right object and type.
-----Original Message----- From: zope-admin@zope.org [mailto:zope-admin@zope.org]On Behalf Of VanL Sent: Wednesday, July 10, 2002 11:23 AM To: zope@zope.org Subject: [Zope] Suppress evaluation of dtml?
Hello,
I have a site where people can upload arbitrary html to view it. I do not want these users to be able to execute dtml. I have turned off all permissions for the anonymous users except for view and access contents, but dtml is still evaluated in these html files.
Is it possible to suppress all evaluation of content and just act as a web server for certain areas or for certain files?
Thnx,
VanL
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
participants (3)
-
Charlie Reiman -
Quentin Smith -
VanL