[Zope-dev] Collector #839: Zope, Include re module in _ namespace
Toby Dickenson
tdickenson@geminidataloggers.com
Wed, 12 Apr 2000 07:43:23 +0100
On Tue, 11 Apr 2000 16:11:17 -0700 (PDT), tseaver@digicool.com wrote:
>Duncan Booth reported:
>
>> It would be very useful to have access to regular expression matching from DTML. Importing the re module into the _ namespace as is done for string, math and whrandom looks to me to be both safe and useful.
>>
>>
>
>with patch:
>
>> diff -r1.61 DT_Util.py
>> 205c205
>> < import string, math, whrandom
>> ---
>> > import string, math, whrandom, re
>> 219a220
>> > d['re']=re
>
>I am reluctant to Go There -- regexp's are notoriously
>hard to get right, and when they go south, they often
>take the family silver with them. It would be fairly
>trivial to write a back-tracking regexp, even
>inadvertently, the execution of which would be an
>effective denial-of-service attack on the server.
>
>DTML really isn't the right place for them, anyway:
>according to the prevailing wisdom of the zopemeisters,
>complicated logic belongs in Python, rather than in
>DTML. (However, PythonMethods won't have access to
>the re module either without some help)
>
>I'm CC'ing this reply to the zope-dev list for further
>feedback.
>
There is an extra reason for using an external method: python's re
module has a significant overhead when initially compiling the
expression. If the expression is going to be used more than once, you
really want to cache the compiled version. dtml wouldnt let you do
that.
Toby Dickenson
tdickenson@geminidataloggers.com