[Zope] Re: eval in DTML
Gregory Dudek
dudek at cim.mcgill.ca
Sun Feb 8 10:50:40 EST 2004
To do an eval that's fairly safe, you could use an external method like

    def my_zope_eval(s, dict=None):
        '''evaluate *s* in *dict*.'''
        if dict is None:
            dict = {}
        # Hide the builtins from the evaluated expression.
        dict['__builtins__'] = None
        return eval(s, dict)

This is an old solution due to Dieter. Note that there are still
dangerous things that a malicious user could do with this. There are
several alternatives. Using RestrictedPython may allow for other nice
solutions.

Greg
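
One of the alternatives the post alludes to, written as an added example (not code from the post, from Dieter, or from RestrictedPython): instead of calling eval() with `__builtins__` removed, parse the string and evaluate only allowlisted AST nodes, so attribute access and calls on values in scope are refused outright. The names `allowlist_eval`, `UnsafeExpression` and `MAX_LEN` are hypothetical, and the example is deliberately narrowed to numeric expressions.

```python
import ast
import operator

# Allowlisted operators; any node type not handled in _walk is rejected.
_BIN_OPS = {ast.Add: operator.add, ast.Sub: operator.sub,
            ast.Mult: operator.mul, ast.Div: operator.truediv}
_UNARY_OPS = {ast.USub: operator.neg, ast.UAdd: operator.pos}
_CMP_OPS = {ast.Eq: operator.eq, ast.NotEq: operator.ne,
            ast.Lt: operator.lt, ast.LtE: operator.le,
            ast.Gt: operator.gt, ast.GtE: operator.ge}
_NUMBERS = (int, float)  # bool is a subclass of int, so True/False pass too
MAX_LEN = 200            # constructed limit; bounds parse cost and recursion depth


class UnsafeExpression(ValueError):
    """Raised when the input uses anything outside the allowlist."""


def allowlist_eval(source, names=None):
    """Evaluate *source* with *names* (name -> number) as its only variables."""
    if len(source) > MAX_LEN:
        raise UnsafeExpression("expression too long")
    try:
        tree = ast.parse(source, mode="eval")
    except SyntaxError as exc:
        raise UnsafeExpression("not a single expression") from exc
    return _walk(tree.body, names or {})


def _walk(node, names):
    if isinstance(node, ast.Constant) and isinstance(node.value, _NUMBERS):
        return node.value
    if isinstance(node, ast.Name) and isinstance(names.get(node.id), _NUMBERS):
        return names[node.id]
    if isinstance(node, ast.BinOp) and type(node.op) in _BIN_OPS:
        return _BIN_OPS[type(node.op)](_walk(node.left, names),
                                       _walk(node.right, names))
    if isinstance(node, ast.UnaryOp) and type(node.op) in _UNARY_OPS:
        return _UNARY_OPS[type(node.op)](_walk(node.operand, names))
    if (isinstance(node, ast.Compare) and len(node.ops) == 1
            and type(node.ops[0]) in _CMP_OPS):
        return _CMP_OPS[type(node.ops[0])](_walk(node.left, names),
                                           _walk(node.comparators[0], names))
    # Attribute, Call, Subscript, Lambda, comprehensions, strings: all refused.
    raise UnsafeExpression("disallowed syntax: " + type(node).__name__)
```

Arithmetic errors such as ZeroDivisionError still propagate to the caller, which should treat them as ordinary evaluation failures.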