[Zope-dev] HTMLFile vs DTMLFile

2006-09-22 Thread Patrick Gerken

Hello,

looking through old bugs, I saw one about some issue with HTMLFile. I
started to wonder, why would want somebody to use HTLMFile, if
DTMLFile exists, and DTMLFile, allows you to define your own global
namespace, what HTMLFile doesn't
According to this thread
http://marc.theaimsgroup.com/?l=zope-devm=100160092618036w=2
The basic difference is that DTMLFile does some mangling with the
global namespace that HTMLFile doesn't, thus making HTMLFile a bit
more dangerous.

Might HTMLFile be a candidate for deprecation?

best regards,

   Patrick Gerken
___
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce

http://mail.zope.org/mailman/listinfo/zope )


[Zope-dev] HTMLFile vs DTMLFile

2001-09-27 Thread Dario Lopez-Kästen

Hello!

Why would one want to use DTMLFile or HTMLFile, and what are the
differences, benefits or drawbacks of each?

Thanks in advance,

/dario - wanting to understand...

- 
Dario Lopez-Kästen Systems Developer  Chalmers Univ. of Technology
[EMAIL PROTECTED]  ICQ will yield no hitsIT Systems  Services



___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists -
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )



Re: [Zope-dev] HTMLFile vs DTMLFile

2001-09-27 Thread Toby Dickenson

On Thu, 27 Sep 2001 15:48:45 +0200, Dario Lopez-Kästen
[EMAIL PROTECTED] wrote:

Why would one want to use DTMLFile or HTMLFile, and what are the
differences, benefits or drawbacks of each?

Both of them use files stored in the filesystem, which means they are
completely trusted. No security checks are performed as they execute.

DTMLFile is the usual choice. It sets up the dtml namespace so that
the first place searched is the object that the DTMLFile is an
attribute of.

HTMLFile doesnt tweak the namespace in this way; it will be in the
same state as provided by your caller. This makes it very easy to open
a security hole. HTMLFile should be avoided unless you have a very
good reason to need it.

(there was a full description of the potential security hole in the
Collector)

Toby Dickenson
[EMAIL PROTECTED]

___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists -
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )