[ZPT] "structure" and TAL interpretation
Fred Drake
fdrake at gmail.com
Tue Jul 27 14:43:28 EDT 2004
On Tue, 27 Jul 2004 16:11:27 +0200, Florent Guillaume <fg at nuxeo.com> wrote:
> Really ? Then I see that as a huge bug and security hole...
>
> +1 on removing it ASAP... Fortunately it's not the case in the Zope 2
> implementation, from what my tests give.

The more I look at this problem, the more annoyed the current TAL
interpreter makes me. ;-(

This is controlled, in part, by the "strictinsert" flag, which is true
by default, but set to false from zope.pagetemplate
(Products.PageTemplates in Zope 2). I don't know of any way to set it
to true from the content objects supplied with either Zope 2 or Zope
3, but could be missing something (yeah, I suppose grep *could* be
buggy, or someone's doing something really nasty).

So perhaps this isn't a problem for Zope per se, but it certainly
tells me that "strictinsert" is insane. Is anyone using that (or
using "structure" without setting strictinsert to false)?

Sigh.

-Fred
--
Fred L. Drake, Jr. <fdrake at gmail.com>