[Zope] safe read-only access to acquisition parent objects

Dieter Maurer dieter at handshake.de
Tue Mar 6 15:33:45 EST 2007


Eric Bréhault wrote at 2007-3-5 13:14 +0100:
>I have build a Plone product which allows users to enter a piece of Python
>code.
>This way, users can easily define their own actions without changing the
>product source code.
>
>Those pieces of code are executed using the exec Python command.

I would instead use TALES expressions of type python.

There are restricted -- which is very essential if you cannot
fully trust your users.



-- 
Dieter


More information about the Zope mailing list