Today I had to write this supporting method in my product to prevent a
rather strange Unauthorized error in my Page Template. My docstring
should explain what I understand::

    def unsafe_unicode_dict_getitem(self, dictionary, item):
        """ Return the value of this item in a dictionary object.

        Simply call the __getitem__ of this dictionary to pluck out an

        Why call this unsafe_...() ?
        If you try to do this in a guarded context (e.g. Script (Python)
        (or Page Template)) you'll get an Unauthorized error:

          d = {u'\xa3':1}
          d[u'\xa3'] # will raise an Unauthorized error

          # this works however
          d = {u'\xa3':1, u'asciiable':1}

        Why? I don't know. The place where it happens is the parental guardian
        function guarded_getitem() from

        By instead calling the __getitem__ from here in unrestricted python
        we can bypass this.
        return dictionary[item]

Is my app unsafe now?
Why is it not possible to get to __getitem__ if the key is non-ascii?

Peter Bengtsson,
Zope maillist  -
**   No cross posts or HTML encoding!  **
(Related lists - )

Reply via email to