[ZPT] Re: "structure" and TAL interpretation

Casey Duncan casey at zope.com
Tue Jul 27 16:36:55 EDT 2004


On Tue, 27 Jul 2004 14:43:28 -0400
Fred Drake <fdrake at gmail.com> wrote:

> On Tue, 27 Jul 2004 16:11:27 +0200, Florent Guillaume <fg at nuxeo.com>
> wrote:
> > Really ? Then I see that as a huge bug and security hole...
> > 
> > +1 on removing it ASAP... Fortunately it's not the case in the Zope
> > 2 implementation, from what my tests give.
> 
> The more I look at this problem, the more annoyed the current TAL
> interpreter makes me.  ;-(
> 
> This is controlled, in part, by the "strictinsert" flag, which is true
> by default, but set to false from zope.pagetemplate
> (Products.PageTemplates in Zope 2).  I don't know of any way to set it
> to true from the content objects supplied with either Zope 2 or Zope
> 3, but could be missing something (yeah, I suppose grep *could* be
> buggy, or someone's doing something really nasty).
> 
> So perhaps this isn't a problem for Zope per se, but it certainly
> tells me that "strictinsert" is insane.  Is anyone using that (or
> using "structure" without setting strictinsert to false)?

I think I'll start using that right now. Thanks for pointing it out!

backwards-compatibility-is-a-bitch-ly yr's,

-Casey



More information about the ZPT mailing list