In zope/app/publisher/http.zcml we have

    attributes="get __getitem__ __str__" />

I think this should be zope.Public. Otherwise unauthorized users
viewing an untrusted page template will get errors from a template
that tries to do things like tal:attributes="action request/URL".
A non-public permission is particularly problematic because URLGetter
doesn't have an __parent__ attribute; therefore, there's no context
for someone to *get* zope.View in the current public Zope 3 security
policies (and even then, the context would be request, and where
should *it* get a security context?)

Objections? I probably won't port this back to 3.3 unless folks
request it, since I'm not sure if it is a bugfix (port) or a policy
change (don't port).

I'm going to change this in the trunk now.

Zope3-dev mailing list