[Zope] RE: security assertion needed for dictionary?

Doyon, Jean-Francois jdoyon at NRCan.gc.ca
Mon Jun 18 12:06:43 EDT 2007


I just downloaded and checked.

>>> d =
feedparser.parse('http://feedparser.org/docs/examples/atom10.xml')
>>> d.__class__
<class 'feedparser.FeedParserDict'>

It looks like a dict, but it isn't.  You will need to put security
assertions on that class ... See the security section of the Zope book
for info on how to do that.

J.F. 

-----Original Message-----
From: zope-bounces at zope.org [mailto:zope-bounces at zope.org] On Behalf Of
tomvon
Sent: June 18, 2007 11:57
To: zope at zope.org
Subject: [Zope] RE: security assertion needed for dictionary?



<dtml-var "repr(newsfd)"> does the same as <dtml-var newsfd>. Here's a
snippet of what it shows:

{'feed': {'subtitle': u'', 'links': [{'href':
u'http://www.modscape.com/blog', 'type': 'text/html', 'rel':
'alternate'}],
'title': u'modscape.com Home', 'subtitle_detail': {'base':
'http://www.modscape.com/blog/rss.xml', 'type': 'text/html', 'value':
u'',
'language': None}, 'title_detail': {'base':
'http://www.modscape.com/blog/rss.xml', 'type': 'text/plain', 'value':
u'modscape.com Home', 'language': None}, 'link':
u'http://www.modscape.com/blog'}, 'status': 200, 'updated': (2007, 6,
18, 15, 54, 24, 0, 169, 0), 'encoding': 'iso-8859-15', 'bozo': 0,
'href':
'http://www.modscape.com/blog/rss.xml', 'headers': {'content-length':
'18486', 'via': '1.0 px02.bc.fw.cbs.net:80 (squid)', 'x-cache': 'MISS
from px02.bc.fw.cbs.net', 'x-powered-by': 'Zope (www.zope.org), Python
(www.python.org)', 'x-cache-lookup': 'HIT from px02.bc.fw.cbs.net:80',
'expires': 'Mon, 18 Jun 2007 16:54:24 GMT', 'server': 'Apache/2.0.52
(Red
Hat) DAV/2 SVN/1.2.3 mod_ssl/2.0.52 OpenSSL/0.9.7a PHP/5.1.2
mod_fastcgi/2.4.2', 'last-modified': 'Mon, 18 Jun 2007 15:54:24 GMT',
'connection': 'close', 'cache-control': 'max-age=3600', 'date': 'Mon, 18
Jun
2007 15:54:24 GMT', 'content-type': 'text/xml; charset=iso-8859-15'},
'version': 'rss20', 'etag': None, 'namespaces': {}, 'entries':
[{'updated':
u'Mon, Sep 04 2006, 06:23PM', 'updated_parsed': None, 'links': [{'href':
u'http://www.modscape.com/blog/index_html?showall=yes#id1157412223',
'type':
'text/html', 'rel': 'alternate'}], 'title': u'Ubuntu: Linux For Human
Beings', 'summary_detail': {'base':
'http://www.modscape.com/blog/rss.xml',
'type': 'text/html', 'value': u'ubuntu.jpg\n\nTom wrote:


Doyon, Jean-Francois-2 wrote:
> 
> Forgetting plone (which I know nothing about), dictionaries definitely

> do NOT need security assertions (like lists, strings, integers and all

> basic types).
> 
> Are you SURE it's a dictionary?  Most likely it just LOOKS like one 
> when represented as a string.
> 
> Try:
> 
> <div tal:content="python:repr(myFeed)">
> 
> To see exactly what it is ... It might be an instance of some object 
> that has a __str__ that makes it look like a dictionary?
> 
> J.F.
> 
> -----Original Message-----
> From: zope-bounces at zope.org [mailto:zope-bounces at zope.org] On Behalf 
> Of tomvon
> Sent: June 18, 2007 11:36
> To: zope at zope.org
> Subject: Re: [Zope] security assertion needed for dictionary?
> 
> 
> 
> I have the exact same problem and have been unable to find a solution 
> anywhere. Were you ever able to resolve this?
> 
> 
> sfmcfar wrote:
>> 
>> I apologize for cross-posting from the plone newsgroup. but after 
>> posting this I realized that this was more of a Zope issue than a 
>> Plone one.  I wish I could cut-and-paste (development is on the other

>> side of a firewall), so instead I'll be as clear as I can.
>> 
>> Anyway, I have a Plone product that contains a method called
>> getFeedSequence() that returns the result (a dictionary) from
>> feedparser.parse() (Feedparser is the generic RSS/Atom parser).  
>> 
>> In my template, I can do:
>> 
>> <div tal:define="myFeed python:getFeedSequence()">
>>   <div tal:content="python:myFeed">
>> 
>> And see the string representation of the dictionary with no problem.

>> But if I try and access a member of the sequence:
>> 
>> <div tal:define="myFeed python:getFeedSequence()">
>>   <div tal:content="python:myFeed['feed']['title']">
>> 
>> VerboseSecurity reports "The container has no security assertions.
>> Access to None of {[the entire RSS dictionary goes here]} denied."
>> 
>> How can I have permission to access the entire sequence but not a 
>> portion of it?  it appears to me that the sequence is fairly 
>> straightforward - a few nested dictionaries, but that's it.  Does 
>> this
> 
>> make any sense?
>> 
>> 
>> Thanks,
>> 
>> Stan
>> 
> 
> --
> View this message in context:
> http://www.nabble.com/security-assertion-needed-for-dictionary--tf3762
> 06
> 1.html#a11178187
> Sent from the Zope - General mailing list archive at Nabble.com.
> 
> _______________________________________________
> Zope maillist  -  Zope at zope.org
> http://mail.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists -
>  http://mail.zope.org/mailman/listinfo/zope-announce
>  http://mail.zope.org/mailman/listinfo/zope-dev ) 
> _______________________________________________
> Zope maillist  -  Zope at zope.org
> http://mail.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists -
>  http://mail.zope.org/mailman/listinfo/zope-announce
>  http://mail.zope.org/mailman/listinfo/zope-dev )
> 
> 

--
View this message in context:
http://www.nabble.com/security-assertion-needed-for-dictionary--tf376206
1.html#a11178584
Sent from the Zope - General mailing list archive at Nabble.com.

_______________________________________________
Zope maillist  -  Zope at zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists -
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )


More information about the Zope mailing list