[Zope-Coders] Re: Minor vulnerability in page templates

Evan Simpson evan@4-am.com
Thu, 24 Oct 2002 12:47:37 -0500


Shane Hathaway wrote:
> 1) What is the right fix?  We could make TAL generate tuples instead of
> lists.  Or maybe the macros need to be wrapped in something that allows no
> introspection by untrusted code, and TAL has to unwrap the macros before
> using them.  I'm leaning toward the second option.

Macros, macro collections, and TAL code objects should be class 
instances, not raw data structures.  At the very least, this would allow 
us to do away with the very peculiar "executable" statements that set 
the code version and other static attributes.  As a bonus, we get to 
make them opaque to restricted code.

One of These Days Soon (TM) I intend to refactor the TAL implementation, 
and this would be part of it.

I can't answer your other questions.

Cheers,

Evan @ 4-am
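The two remedies discussed in this thread (TAL emitting tuples instead of lists, or wrapping macros in an object that restricted code cannot introspect) can be compared side by side. The following is an added example, not Zope's TAL code: the opcode tuples, the `Macro` class and the `restricted_getattr` guard are constructed here. The only real convention it relies on is Zope's restricted-code rule that names beginning with an underscore are not accessible.

```python
# Added illustration: a TAL macro as a raw list (mutable by anything that
# can reach it), as a tuple, and as an opaque class instance.
# Not Zope code; the program shape and the guard are constructed stand-ins.

from typing import Any, Tuple

# A tiny "compiled program": (opcode, argument) pairs. Shape is hypothetical.
PROGRAM = [("version", "1.0"), ("setLocal", "greeting"), ("insertText", "greeting")]


def raw_macro() -> list:
    """'Before': the macro *is* the raw list, shared with every caller."""
    return list(PROGRAM)


def tuple_macro() -> tuple:
    """First option from the thread: immutable data, still introspectable."""
    return tuple(PROGRAM)


class Macro:
    """Second option: an opaque wrapper. The program sits behind an
    underscore-prefixed attribute (out of reach of restricted code), and the
    instance refuses attribute assignment or deletion."""

    __slots__ = ("_program", "_version")

    def __init__(self, program, version: str) -> None:
        object.__setattr__(self, "_program", tuple(program))
        object.__setattr__(self, "_version", version)

    def __setattr__(self, name, value):
        raise AttributeError("Macro instances are read-only")

    def __delattr__(self, name):
        raise AttributeError("Macro instances are read-only")

    @property
    def version(self) -> str:
        # Static attribute exposed explicitly, instead of an "executable"
        # statement inside the program that sets it.
        return self._version

    def _unwrap(self) -> Tuple:
        """For the trusted TAL interpreter only; the leading underscore keeps
        it out of restricted code's reach."""
        return self._program


def restricted_getattr(obj: Any, name: str) -> Any:
    """Minimal stand-in for a restricted-code attribute guard (constructed):
    refuse underscore names, as Zope's restricted Python does."""
    if name.startswith("_"):
        raise AttributeError(f"access to {name!r} is forbidden in restricted code")
    return getattr(obj, name)


def tamper(macro: Any) -> str:
    """Simulate untrusted template code trying to rewrite the macro's last
    instruction, and report the outcome."""
    try:
        if isinstance(macro, (list, tuple)):
            macro[-1] = ("insertText", "somethingElse")  # TypeError on a tuple
            return "mutated"
        # Opaque object: the only route to the program is guarded attribute access.
        restricted_getattr(macro, "_program")
        return "leaked"
    except (AttributeError, TypeError):
        return "blocked"


if __name__ == "__main__":
    shared = raw_macro()
    print("raw list:", tamper(shared), shared[-1])
    print("tuple:   ", tamper(tuple_macro()))
    m = Macro(PROGRAM, "1.0")
    print("Macro:   ", tamper(m), "version", m.version)
```

Running it shows the raw list silently rewritten for every later user of the macro, while the tuple and the `Macro` instance both report "blocked"; the wrapper additionally keeps the program and its version out of restricted code entirely, which is the "opaque to restricted code" property the reply argues for.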