[Zope] Re: eval in DTML

Gregory Dudek dudek at cim.mcgill.ca
Sun Feb 8 10:50:40 EST 2004


To do an eval that's fairly safe, you could use an external method like

         def my_zope_eval(s, dict=None):
             '''Evaluate *s* in *dict*.'''
             if dict is None:
                 dict = {}
             # Hide the builtins from the evaluated expression.
             dict['__builtins__'] = None
             return eval(s, dict)

This is an old solution due to Dieter.  Note that there are still
dangerous things that a malicious user could do with this.  There are
several alternatives.  Using RestrictedPython may allow for other nice
solutions.

Greg
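
An added example, not part of the original post and not Zope or RestrictedPython code: hiding `__builtins__` removes names but not syntax, so attribute access on any literal or passed-in object still evaluates. The sketch below (Python 3.9+; all function names and the `MAX_LEN` limit are assumptions for illustration) restates the post's approach next to a variant that checks the parsed expression against a syntax allowlist before evaluating it.

```python
import ast

# Allowlisted syntax: literals, names, arithmetic, comparisons, boolean logic,
# containers, subscripts. Attribute access, calls, lambdas and comprehensions
# are deliberately absent.
_ALLOWED = (
    ast.Expression, ast.Constant, ast.Name, ast.Load,
    ast.BinOp, ast.UnaryOp, ast.BoolOp, ast.Compare, ast.IfExp,
    ast.Add, ast.Sub, ast.Mult, ast.Div, ast.FloorDiv, ast.Mod,
    ast.USub, ast.UAdd, ast.Not, ast.And, ast.Or,
    ast.Eq, ast.NotEq, ast.Lt, ast.LtE, ast.Gt, ast.GtE, ast.In, ast.NotIn,
    ast.List, ast.Tuple, ast.Dict, ast.Subscript, ast.Slice,
)
MAX_LEN = 200  # assumed cap on expression length


class UnsafeExpression(ValueError):
    """Raised when an expression uses syntax or names outside the allowlist."""


def builtins_only_eval(s, names=None):
    """The post's approach, restated: hide builtins, check nothing else."""
    scope = dict(names or {})
    scope["__builtins__"] = None
    return eval(s, scope)


def checked_eval(s, names=None):
    """Evaluate *s* with only *names* visible, after an AST allowlist check."""
    if len(s) > MAX_LEN:
        raise UnsafeExpression("expression too long")
    try:
        tree = ast.parse(s, mode="eval")
    except (SyntaxError, ValueError):
        raise UnsafeExpression("not a valid expression") from None
    scope = dict(names or {})  # copy, so the caller's dict is not mutated
    for node in ast.walk(tree):
        if not isinstance(node, _ALLOWED):
            raise UnsafeExpression("disallowed syntax: " + type(node).__name__)
        if isinstance(node, ast.Name) and node.id not in scope:
            raise UnsafeExpression("unknown name: " + node.id)
    scope["__builtins__"] = {}
    return eval(compile(tree, "<expr>", "eval"), scope)
```

The allowlist limits syntax, not cost: it does not bound the time or memory an allowed expression uses, so pass in only plain data and keep the length cap.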


