Tres Seaver wrote:
> Hanno Schlichting wrote:
>> Tres Seaver wrote:
>>> Using __setitem__ and __delitem__ has security implicatinos for
>>> untrusted code:   how are you addressing them?
>> Maybe I'm missing some knowledge about the security machinery then. I
>> thought the methods wouldn't be available to untrusted code at all, as
>> they start with an underscore. You simply won't be able to write
>> om['id'] in untrusted code and still need to use the existing API.
> You don't access them by name when doing 'del om["id"]' or 'om["id"] =
> None', so the underscore doesn't matter.  I just tried from a
> PythonScript and got a TypeError out of the RestrictedPython.Guards
> module, so I guess that the obvious cases are covered.

Ok. I'll need to add more tests for these cases then.


Zope-Dev maillist  -
**  No cross posts or HTML encoding!  **
(Related lists - )

Reply via email to