Tres Seaver wrote:
> Hanno Schlichting wrote:
>> Tres Seaver wrote:
>>> Using __setitem__ and __delitem__ has security implicatinos for
>>> untrusted code: how are you addressing them?
>> Maybe I'm missing some knowledge about the security machinery then. I
>> thought the methods wouldn't be available to untrusted code at all, as
>> they start with an underscore. You simply won't be able to write
>> om['id'] in untrusted code and still need to use the existing API.
> You don't access them by name when doing 'del om["id"]' or 'om["id"] =
> None', so the underscore doesn't matter. I just tried from a
> PythonScript and got a TypeError out of the RestrictedPython.Guards
> module, so I guess that the obvious cases are covered.
Ok. I'll need to add more tests for these cases then.
Zope-Dev maillist - Zope-Dev@zope.org
** No cross posts or HTML encoding! **
(Related lists -