Hi,
On 2011-03-21 4:21 PM, Joshua Bronson wrote:
I suspected there was some good reason. Now I'm curious how you could
use the built-in dict to break something. :)
As it turns out, **foo now has the same logic as dict(foo) so it already
can be used to bypass the sandbox if someone is careful designing the
classes. I might change the dict at that point, not yet decided.
The problem is that if an object has a .keys(), dict will use that to
__getitem__ all values which bypasses environment.getitem which is
normally used to do the lookups.
Regards,
Armin
--
You received this message because you are subscribed to the Google Groups
"pocoo-libs" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/pocoo-libs?hl=en.
