[Zope-dev] Re: 2.9.4? reStructuredText support?

Florent Guillaume fg at nuxeo.com
Sun Jul 9 11:26:13 EDT 2006


Tres Seaver wrote:
> Another possible fix would be to patch docutils to make the
> configuration directive for file inclusion disabled by default;  that
> would allow a trusted module to enable them for a given parse, without
> exposing the feature for untrusted code.

Which should be how upstream docutils should be coded in the first place.

That file inclusion is allowed by default is beyond me, when the 
experience of many other systems like TeX or PostScript show that it's a 
huge security hole.

Florent

-- 
Florent Guillaume, Nuxeo (Paris, France)   Director of R&D
+33 1 40 33 71 59   http://nuxeo.com   fg at nuxeo.com


More information about the Zope-Dev mailing list