> The Doctor What <[EMAIL PROTECTED]> wrote:

> * Tres Seaver ([EMAIL PROTECTED]) [001130 09:06]:
> > Chris Withers <[EMAIL PROTECTED]> wrote:
> > 'lambda' is actually a keyword, not a function, and hence works
> > fine in PM0.1.7.  'map()', 'filter()', et al., were deemed to
> > be susceptible to being used in DOS attacks, and hence are not
> > permitted in through-the-web code (they would need to be added
> > to the '_' namespace, like 'str()', et aliae).
> 
> For those of us who are trying to figure out everything at a low
> level, where would this be in the source?

 * 'lambda' as keyword:

     http://www.python.org/doc/1.5.2p2/ref/lambda.html#l2h-317

 * DTML sets up the "safe" functions (available in the '_'
   namespace), in:

     $SOFTWARE_HOME/DocumentTemplate/DT_Util.py.

 * "Old" PythonMethod stuff tries hard to limit the user to the
   same set of "builtins" as DTML;  see:

     $INSTANCE_HOME/Products/PythonMethod/Guarded.py

   (note that TemplateDict's "safe" methods are borrowed).

Tres.
-- 
===============================================================
Tres Seaver                                [EMAIL PROTECTED]
Digital Creations     "Zope Dealers"       http://www.zope.org

_______________________________________________
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )

Reply via email to