l/tree/master
I was able to do the following with Titanium Desktop (which uses it)
to access the DOM from Python:
def hello(s):
    document.getElementById('foo').innerHTML = s
Hello World
hello("tav")
More relevant links:
* http://www.appcelerator.com/
* http://githu
if I've missed something obvious. Thanks!
--
love, tav
plex:espians/tav | t...@espians.com | +44 (0) 7809 569 369
http://tav.espians.com | http://twitter.com/tav | skype:tavespian
s. You can find
the reStructuredText source of the article at
http://github.com/tav/blog/tree/master
Many thanks to everyone who took part in the challenge -- it was very
informative and fun!
Please let me know what else I need to do to get the patch accepted. Thanks!
--
love, tav
Hey Andrew & Victor,
tav> But the challenge was about doing `from safelite import FileReader`.
Andrew> Though it doesn't say so on the first post on this thread
Andrew> nor your page at
Andrew> http://tav.espians.com/a-challenge-to-break-python-security.html
Sorry,
; real world
> jail <-- proxy objects -- real world
Ehm, I'd strongly discourage any approaches using proxies. The
performance penalties will just be insane.
If you really want one though -- check out Zope proxy. It already
implements this quite well and you can use it today! =)
--
l
has to go.
I've fixed this in v8 -- got a website that I can link to for the blog?
And instead of trying to make tb_frame go away, I'd like to add the
following to my proposed patch of RESTRICTED attributes:
* f_code
* f_builtins
* f_globals
* f_locals
That seems to do the trick...
--
ite`... so, sorry =(
You have to remember that this isn't the way that this code will
actually be used in practice. This is just a challenge to see if the
model holds...
--
love, tav
= args[1]['sys']
>
> except Exception, v:
> print "Exception:", v
> return warnings
>
> # Put the bogus module at the doorstep...
> __builtins__.warnings = warnings
>
> # and have the thug replacing the doorman
> __builtins__.
(None, None,
# None) Then, tb.tb_frame gives an attribute error
I can't seem to find the place in the Python source where exc_info()
behaves differently under restricted mode...
Thoughts on which of the two options is better would be very appreciated!
And thanks for the ongoin
Hey Victor,
You definitely got to the heart of the challenge.
> f.tell.__getattribute__('func_closure')
But, have you actually run that code?
Cos that doesn't work here... sorry if I missed something...
--
love, tav
Hey all,
victor> Could you keep all versions of safelite.py?
I took Steven D'Aprano's advice and added a VERSION attribute and
state the latest version on
http://tav.espians.com/a-challenge-to-break-python-security.html
Is that okay?
antoine> I guess Tav should open a rest
validate
the model or the possibility of using it in Python.
What would invalidate it is someone finding a way to bypass it
completely in Python and this challenge is an attempt to see if we can
find such a way.
--
love, tav
.
How about: "it could possibly enable a secured Python interpreter" ?
> OTOH, the patch looks harmless (with minor corrections). It could
> be considered a bug fix for the current set of restricted attributes
Yes, and it is in that light that I would like the patch to be accepte
> I take it back, we need to find all the trivial ones too.
Agreed!
> BTW Tav, you ought to create a small website for this challenge. A
> blog post or wiki page would suffice.
Done.
http://tav.espians.com/a-challenge-to-break-python-security.html
Please blog/retweet and of course
to try and break it, I
steven> suggest you send it to c.l.py
Done.
--
love, tav
"""
Please try and break this.
On a fresh Python interpreter, do the fo
's cool -- thanks for this much!
I'm hoping someone out there has a few spare minutes.
The patch is just 6 lines of code...
Someone? Pretty please? =)
--
love, tav
s existing restricted
framework in the interpreter.
Please review and accept =)
* http://codereview.appspot.com/20051
* http://codereview.appspot.com/21051
Thanks!
--
love, tav
""
And, here's a version for Python 2.6+ -- diffed against an svn
checkout of the current python/trunk:
http://codereview.appspot.com/21051/show
Please review also. Cheers!
--
love, tav
rexec module.
Does that seem reasonable to you all?
tav>
http://github.com/tav/plexnet/tree/9dabc570a2499689e773d1af3599a29102071f80/source/plexnet/util
martin> What is the objective of this code? Is it a complete
martin> sandbox? If not, is a complete sandbox based on
mar
mvent the guard?
If it would be helpful, I am happy to maintain this as Python evolves.
I've already been maintaining the PJE-inspired ctypes-based approach
and monkeypatches for various Python versions for a while now. See
secure.py, secure25.py, secure26.py and secure30.py in:
http://gi
I love you PJE! Thank you! =)
On 6/28/07, Phillip J. Eby <[EMAIL PROTECTED]> wrote:
> At 05:23 PM 6/28/2007 +0100, tav wrote:
> >Any pointers on removing members via ctypes front?
> >
> >Whilst I can understand even the most obscure aspects of your python
> >c
ut it in 2.3/2.4 and didn't know it had been
> added in 2.5. :)
w00p!
so, suggestions as to how one can go about getting those 2 access methods moved?
--
thanks, tav
founder and ceo, esp metanational llp
plex:espians/tav | [EMAIL PROTECTED] | +44 (0) 7809 569 369
as been following your work on generic functions from way
before RuleDispatch, I really want to see PEP 3124 in 3.0
But, all I am asking for is to not expose func_closure (and perhaps
some of the other func_*) as members of FunctionType -- isn't it
possible to add functional
red. Am I missing something obvious that prevents me from
doing that?
Can we get rid of them for Python 2.6? Or even 2.5.2? Is anyone
besides PJE actually using them? ;p
Thanks in advance for your thoughts.
--
love, tav