I was able to do the following with Titanium Desktop (which uses it)
to access the DOM from Python:
script type=text/python
def hello(s):
document.getElementById('foo').innerHTML = s
/script
div Hello div id=fooWorld/div/div
scripthello(tav)/script
More relevant links:
* http
something obvious. Thanks!
--
love, tav
plex:espians/tav | t...@espians.com | +44 (0) 7809 569 369
http://tav.espians.com | http://twitter.com/tav | skype:tavespian
___
Python-Dev mailing list
Python-Dev@python.org
http://mail.python.org/mailman
find
the reStructuredText source of the article at
http://github.com/tav/blog/tree/master
Many thanks to everyone who took part in the challenge -- it was very
informative and fun!
Please let me know what else I need to do to get the patch accepted. Thanks!
--
love, tav
plex:espians/tav | t
that this isn't the way that this code will
actually be used in practise. This is just a challenge to see if the
model holds...
--
love, tav
plex:espians/tav | t...@espians.com | +44 (0) 7809 569 369
http://tav.espians.com | http://twitter.com/tav | skype:tavespian
this in v8 -- got a website that I can link to for the blog?
And instead of trying to make tb_frame go away, I'd like to add the
following to my proposed patch of RESTRICTED attributes:
* f_code
* f_builtins
* f_globals
* f_locals
That seems to do the trick...
--
love, tav
plex:espians/tav | t
discourage any approaches using proxies. The
performance penalties will just be insane.
If you really want one though -- check out Zope proxy. It already
implements this quite well and you can use it today! =)
--
love, tav
plex:espians/tav | t...@espians.com | +44 (0) 7809 569 369
http
Hey Andrew Victor,
tav But the challenge was about doing `from safelite import FileReader`.
Andrew Though it doesn't say so on the first post on this thread
Andrew nor your page at
Andrew http://tav.espians.com/a-challenge-to-break-python-security.html
Sorry, perhaps I should have
that seem reasonable to you all?
tav
http://github.com/tav/plexnet/tree/9dabc570a2499689e773d1af3599a29102071f80/source/plexnet/util
martin What is the objective of this code? Is it a complete
martin sandbox? If not, is a complete sandbox based on
martin it available somehow for review
And, here's a version for Python 2.6+ -- diffed against an svn
checkout of the current python/trunk:
http://codereview.appspot.com/21051/show
Please review also. Cheers!
--
love, tav
plex:espians/tav | t...@espians.com | +44 (0) 7809 569 369
http://tav.espians.com | @tav | skype:tavespian
and accept =)
* http://codereview.appspot.com/20051
* http://codereview.appspot.com/21051
Thanks!
--
love, tav
plex:espians/tav | t...@espians.com | +44 (0) 7809 569 369
http://tav.espians.com | @tav | skype:tavespian
Please try and break this.
On a fresh Python interpreter, do the following
someone out there has a few spare minutes.
The patch is just 6 lines of code...
Someone? Pretty please? =)
--
love, tav
plex:espians/tav | t...@espians.com | +44 (0) 7809 569 369
http://tav.espians.com | @tav | skype:tavespian
___
Python-Dev mailing list
it to c.l.py
Done.
--
love, tav
plex:espians/tav | t...@espians.com | +44 (0) 7809 569 369
http://tav.espians.com | http://twitter.com/tav | skype:tavespian
Please try and break this.
On a fresh Python interpreter, do the following:
from safelite import FileReader
You should now be able to read
I take it back, we need to find all the trivial ones too.
Agreed!
BTW Tav, you ought to create a small website for this challenge. A
blog post or wiki page would suffice.
Done.
http://tav.espians.com/a-challenge-to-break-python-security.html
Please blog/retweet and of course, try
possibly enable a secured Python interpreter ?
OTOH, the patch looks harmless (with minor corrections). It could
be considered a bug fix for the current set of restricted attributes
Yes, and it is in that light that I would like the patch to be accepted.
--
love, tav
plex:espians/tav | t
it is someone finding a way to bypass it
completely in Python and this challenge is an attempt to see if we can
find such a way.
--
love, tav
plex:espians/tav | t...@espians.com | +44 (0) 7809 569 369
http://tav.espians.com | http://twitter.com/tav | skype:tavespian
Hey all,
victor Could you keep all versions of safelite.py?
I took Steven D'Aprano's advice and added a VERSION attribute and
state the latest version on
http://tav.espians.com/a-challenge-to-break-python-security.html
Is that okay?
antoine I guess Tav should open a restaurant :-)
Hehe
Hey Victor,
You definitely got to the heart of the challenge.
f.tell.__getattribute__('func_closure')
But, have you actually run that code?
Cos that doesn't work here... sorry if I missed something...
--
love, tav
plex:espians/tav | t...@espians.com | +44 (0) 7809 569 369
http
-- this is turning out great!!
--
love, tav
plex:espians/tav | t...@espians.com | +44 (0) 7809 569 369
http://tav.espians.com | http://twitter.com/tav | skype:tavespian
___
Python-Dev mailing list
Python-Dev@python.org
http://mail.python.org/mailman/listinfo
?
If it would be helpful, I am happy to maintain this as Python evolves.
I've already been maintaining the PJE-inspired ctypes-based approach
and monkeypatches for various Python versions for a while now. See
secure.py, secure25.py, secure26.py and secure30.py in:
http://github.com/tav/plexnet/tree
*) as members of FunctionType -- isn't it
possible to add functionality to the ``new`` module which would allow
one to read/write func_closure?
--
love, tav
founder and ceo, esp metanational llp
plex:espians/tav | [EMAIL PROTECTED] | +44 (0) 7809 569 369
. :)
w00p!
so, suggestions as to how one can go about getting those 2 access methods moved?
--
thanks, tav
founder and ceo, esp metanational llp
plex:espians/tav | [EMAIL PROTECTED] | +44 (0) 7809 569 369
___
Python-Dev mailing list
Python-Dev@python.org
I love you PJE! Thank you! =)
On 6/28/07, Phillip J. Eby [EMAIL PROTECTED] wrote:
At 05:23 PM 6/28/2007 +0100, tav wrote:
Any pointers on removing members via ctypes front?
Whilst I can understand even the most obscure aspects of your python
code fine, I'm not familiar with C/ctypes
? ;p
Thanks in advance for your thoughts.
--
love, tav
founder and ceo, esp metanational llp
plex:espians/tav | [EMAIL PROTECTED] | +44 (0) 7809 569 369
___
Python-Dev mailing list
Python-Dev@python.org
http://mail.python.org/mailman/listinfo/python-dev
23 matches
Mail list logo