You are not logged in Log in Join
You are here: Home » Members » 4AM Productions (Evan Simpson) » PythonMethodWiki » PlannedBehavior
Log in
Name

Password

 
Link icon Forgot your password?
 
Print
FrontPage »

PlannedBehavior

Python Methods Planned Behavior

  • uses GuardedBlock for security
  • copies methods from DocumentTemplate.DT_Util.TemplateDict into the builtins dictionary
  • uses the Bindings tab to make the container, context, method object, caller's DTML namespace, and traversal information available through user-chosen names.
  • recurses into code blocks, allowing lambdas and nested function definitions.

GuardedBlock security

  • co_names is checked for multi-character names beginning with "_".
  • print statements are replaced with calls to a function that stores the text in a list. The concatenation of these strings is available through global variable printed. If printed is not read, but print statements are used, a warning is printed.
  • assignments to attributes, items, or slices are replaced with calls to methods of the container. These are named __guarded_setattr__, __guarded_setitem__, and __guarded_setslice__.
  • del statements that operate on attributes, items, or slices are replaced with calls to methods of the container. These are named __guarded_delattr__, __guarded_delitem__, and __guarded_delslice__.
  • Literal lists and dictionaries are exempted from this wrapping, as are objects which declare that they handle their own write security, by exposing a true _guarded_writes attribute.
  • return, assert, try/finally, try/except/else, pass, raise, break, global, and if/elif/else are not changed or restricted.
  • for/else, while/else, and continue statements have calls to a global iteration counter/termination polling function inserted just before the jump to the start of a loop.
  • import is restricted by providing an __import__ function which only succeeds if each module to be imported is already in sys.modules. Access to names within modules is protected by calling the security machinery.
  • exec statements are not allowed.
  • The only other statements are expression statements. Expression evaluation is altered so that multiplication operations are replaced with calls to careful_mul from DocumentTemplate.VSEval. All access to attributes, items, and slices is guarded by calls to the security machinery.
  • Since CodeBlock compiles a function in an empty global namespace with no builtins, the function is flagged restricted, and cannot access internal attributes such as im_func.
Copyright (c) 2011 Zope Foundation. All rights reserved. Legal | Contact
If you can read this text, it means you are not experiencing the Plone design at its best. Plone makes heavy use of CSS, which means it is accessible to any internet browser, but the design needs a standards-compliant browser to look like we intended it. Just so you know ;)