[Zope] python methods
Tres Seaver
tseaver@digicool.com
Thu, 30 Nov 2000 22:09:28 -0500
> The Doctor What <docwhat@gerf.org> wrote:
> * Tres Seaver (tseaver@digicool.com) [001130 09:06]:
> > Chris Withers <chrisw@nipltd.com> wrote:
> > 'lambda' is actually a keyword, not a function, and hence works
> > fine in PM0.1.7. 'map()', 'filter()', et al., were deemed to
> > be susceptible to being used in DOS attacks, and hence are not
> > permitted in through-the-web code (they would need to be added
> > to the '_' namespace, like 'str()', et aliae).
>
> For those of us who are trying to figure out everything at a low
> level, where would this be in the source?
* 'lambda' as keyword:
http://www.python.org/doc/1.5.2p2/ref/lambda.html#l2h-317
* DTML sets up the "safe" functions (available in the '_'
namespace), in:
$SOFTWARE_HOME/DocumentTemplate/DT_Util.py.
* "Old" PythonMethod stuff tries hard to limit the user to the
same set of "builtins" as DTML; see:
$INSTANCE_HOME/Products/PythonMethod/Guarded.py
(note that TemplateDict's "safe" methods are borrowed).
Tres.
--
===============================================================
Tres Seaver tseaver@digicool.com
Digital Creations "Zope Dealers" http://www.zope.org