Chris Withers wrote:
> Jim Fulton wrote:
>> On Oct 24, 2008, at 10:01 AM, Chris Withers wrote:
>>> Jim Fulton wrote:
>>>> The problem is that it it starts with an environment in which things
>>>> are allowed by default, and takes things away. This means that if
>>>> anything is forgotten, then you end up with holes.
>>> Isn't there a way we could change the AST manipulation such that we
>>> start with nothing and only allow opcodes as and when they're added to
>>> the RestrictedPython implementation?
>> No. we're starting with an existing program written in a Python script
>> or expression. We then have to sanitize it.
> Could that sanitization could be a filter that lets nothing through, and
> then builds from there?
Yes, and if such a change leads to faster adoption of new Python
releases by Zope, then it seems like a worthwhile effort. Instead of a
tree mutator, RestrictedPython would use a tree copier with a filter.
New Python features would initially not be supported at all, but that's
better than accidentally, insecurely, supporting new features.
Zope-Dev maillist - Zope-Dev@zope.org
** No cross posts or HTML encoding! **
(Related lists -