[Zope] RE: security assertion needed for dictionary?
Doyon, Jean-Francois
jdoyon at NRCan.gc.ca
Mon Jun 18 12:06:43 EDT 2007
I just downloaded and checked.
>>> d =
feedparser.parse('http://feedparser.org/docs/examples/atom10.xml')
>>> d.__class__
<class 'feedparser.FeedParserDict'>
It looks like a dict, but it isn't. You will need to put security
assertions on that class ... See the security section of the Zope book
for info on how to do that.
J.F.
-----Original Message-----
From: zope-bounces at zope.org [mailto:zope-bounces at zope.org] On Behalf Of
tomvon
Sent: June 18, 2007 11:57
To: zope at zope.org
Subject: [Zope] RE: security assertion needed for dictionary?
<dtml-var "repr(newsfd)"> does the same as <dtml-var newsfd>. Here's a
snippet of what it shows:
{'feed': {'subtitle': u'', 'links': [{'href':
u'http://www.modscape.com/blog', 'type': 'text/html', 'rel':
'alternate'}],
'title': u'modscape.com Home', 'subtitle_detail': {'base':
'http://www.modscape.com/blog/rss.xml', 'type': 'text/html', 'value':
u'',
'language': None}, 'title_detail': {'base':
'http://www.modscape.com/blog/rss.xml', 'type': 'text/plain', 'value':
u'modscape.com Home', 'language': None}, 'link':
u'http://www.modscape.com/blog'}, 'status': 200, 'updated': (2007, 6,
18, 15, 54, 24, 0, 169, 0), 'encoding': 'iso-8859-15', 'bozo': 0,
'href':
'http://www.modscape.com/blog/rss.xml', 'headers': {'content-length':
'18486', 'via': '1.0 px02.bc.fw.cbs.net:80 (squid)', 'x-cache': 'MISS
from px02.bc.fw.cbs.net', 'x-powered-by': 'Zope (www.zope.org), Python
(www.python.org)', 'x-cache-lookup': 'HIT from px02.bc.fw.cbs.net:80',
'expires': 'Mon, 18 Jun 2007 16:54:24 GMT', 'server': 'Apache/2.0.52
(Red
Hat) DAV/2 SVN/1.2.3 mod_ssl/2.0.52 OpenSSL/0.9.7a PHP/5.1.2
mod_fastcgi/2.4.2', 'last-modified': 'Mon, 18 Jun 2007 15:54:24 GMT',
'connection': 'close', 'cache-control': 'max-age=3600', 'date': 'Mon, 18
Jun
2007 15:54:24 GMT', 'content-type': 'text/xml; charset=iso-8859-15'},
'version': 'rss20', 'etag': None, 'namespaces': {}, 'entries':
[{'updated':
u'Mon, Sep 04 2006, 06:23PM', 'updated_parsed': None, 'links': [{'href':
u'http://www.modscape.com/blog/index_html?showall=yes#id1157412223',
'type':
'text/html', 'rel': 'alternate'}], 'title': u'Ubuntu: Linux For Human
Beings', 'summary_detail': {'base':
'http://www.modscape.com/blog/rss.xml',
'type': 'text/html', 'value': u'ubuntu.jpg\n\nTom wrote:
Doyon, Jean-Francois-2 wrote:
>
> Forgetting plone (which I know nothing about), dictionaries definitely
> do NOT need security assertions (like lists, strings, integers and all
> basic types).
>
> Are you SURE it's a dictionary? Most likely it just LOOKS like one
> when represented as a string.
>
> Try:
>
> <div tal:content="python:repr(myFeed)">
>
> To see exactly what it is ... It might be an instance of some object
> that has a __str__ that makes it look like a dictionary?
>
> J.F.
>
> -----Original Message-----
> From: zope-bounces at zope.org [mailto:zope-bounces at zope.org] On Behalf
> Of tomvon
> Sent: June 18, 2007 11:36
> To: zope at zope.org
> Subject: Re: [Zope] security assertion needed for dictionary?
>
>
>
> I have the exact same problem and have been unable to find a solution
> anywhere. Were you ever able to resolve this?
>
>
> sfmcfar wrote:
>>
>> I apologize for cross-posting from the plone newsgroup. but after
>> posting this I realized that this was more of a Zope issue than a
>> Plone one. I wish I could cut-and-paste (development is on the other
>> side of a firewall), so instead I'll be as clear as I can.
>>
>> Anyway, I have a Plone product that contains a method called
>> getFeedSequence() that returns the result (a dictionary) from
>> feedparser.parse() (Feedparser is the generic RSS/Atom parser).
>>
>> In my template, I can do:
>>
>> <div tal:define="myFeed python:getFeedSequence()">
>> <div tal:content="python:myFeed">
>>
>> And see the string representation of the dictionary with no problem.
>> But if I try and access a member of the sequence:
>>
>> <div tal:define="myFeed python:getFeedSequence()">
>> <div tal:content="python:myFeed['feed']['title']">
>>
>> VerboseSecurity reports "The container has no security assertions.
>> Access to None of {[the entire RSS dictionary goes here]} denied."
>>
>> How can I have permission to access the entire sequence but not a
>> portion of it? it appears to me that the sequence is fairly
>> straightforward - a few nested dictionaries, but that's it. Does
>> this
>
>> make any sense?
>>
>>
>> Thanks,
>>
>> Stan
>>
>
> --
> View this message in context:
> http://www.nabble.com/security-assertion-needed-for-dictionary--tf3762
> 06
> 1.html#a11178187
> Sent from the Zope - General mailing list archive at Nabble.com.
>
> _______________________________________________
> Zope maillist - Zope at zope.org
> http://mail.zope.org/mailman/listinfo/zope
> ** No cross posts or HTML encoding! **
> (Related lists -
> http://mail.zope.org/mailman/listinfo/zope-announce
> http://mail.zope.org/mailman/listinfo/zope-dev )
> _______________________________________________
> Zope maillist - Zope at zope.org
> http://mail.zope.org/mailman/listinfo/zope
> ** No cross posts or HTML encoding! **
> (Related lists -
> http://mail.zope.org/mailman/listinfo/zope-announce
> http://mail.zope.org/mailman/listinfo/zope-dev )
>
>
--
View this message in context:
http://www.nabble.com/security-assertion-needed-for-dictionary--tf376206
1.html#a11178584
Sent from the Zope - General mailing list archive at Nabble.com.
_______________________________________________
Zope maillist - Zope at zope.org
http://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )
More information about the Zope
mailing list