[Zope] Re: Error -> A TaintedString cannot be pickled
Josef Meile
jmeile@hotmail.com
Wed, 16 Apr 2003 21:26:05 +0200
> Tainted strings are new in Zope 2.6 to make it more difficult
> that cross scripting bugs slip in.
>
> If you are lucky, there is an explicite conversion between
> a tainted string and a string. If not, you must make one in
> an External Method.
Thanks for your reply.
I just found this thread about TaintedStrings:
http://mail.zope.org/pipermail/zope-coders/2002-August/001598.html
and my case was exposed there:
> Passing a TaintedString value from a DTML template to other objects such
> as Python code, External Methods, Python Scripts, etc, may cause them to
> break because they did not anticipate a TaintedString object.
Actually my case it's really uncommon, but as you see it can happen:
one of the users wanted to say that the dimmensions of something should be
minor than 1 m, so he wrote "< 1 m". Then come that exception.
One possible solution could be to convert all the "<" symbols to "<". But
I was wondering if there is another way of dealing with this TaintedStrings
(appart of disabling the check, off course).
Regards,
Josef