Evan Simpson wrote:

>From: Itai Tavor <[EMAIL PROTECTED]>
>>  In Python Methods I could do urllib.quote(...). This doesn't work in
>>  Python Scripts. Is quote considered a security risk?
>No, but only the modules available to DTML are importable by default.   You
>would need to provide security declarations in order to import anything from

I seem to be practicing FUD on myself...

The reason I could do urllib.quote in Python Methods was that I 
implemented the MoreBuiltins trick someone described here a while 
ago. It added a bunch of modules to TemplateDict, making them 
available to Python Methods. That was a set-and-forget kind of thing, 
so I forgot it :-)

So the questions I should have asked are: 1) Why can't we have urllib 
in Python Scripts - and you answered that, and 2) Why doesn't the 
MoreBuiltins trick work with Python Scripts? The new Guarded.py seems 
to only pick selected modules from TemplateDict, so the extra modules 
are ignored.

Is there anything that can be done so that adding modules continues 
to work? I don't understand what you mean by providing security 
declarations - that doesn't sound like something I can do myself - 
without hacking the Python Scripts code, that is.

Itai Tavor                    "Je sautille, donc je suis."
C3Works    [EMAIL PROTECTED]              - Kermit the Frog

"If you haven't got your health, you haven't got anything"

Zope-Dev maillist  -  [EMAIL PROTECTED]
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope )

Reply via email to