Python vs PHP
Istvan Albert
ialbert at mailblocks.com
Sat Oct 23 16:19:20 EDT 2004
Valentino Volonghi aka Dialtone wrote:
> It's not a workaround. It's there and you can use that. I can't see a
> different way to execute code from a template without calling exec or eval.
> ZPT does exactly the same, and Nevow provides everything for you to do it.
Directly executing parts of a template as code is an unacceptable
security hole that cannot possibly be allowed in any development
model where there are people that are not supposed to
have complete access to the entire system.
And I don't think that is how ZPT works. Although I only used it with Zope and
I'm not sure which one implements the proper security measures.
I would imagine that the proper way to go about it would be
to create a python-like, bare-bones language and use that to
interpret the code.
> But as I showed you can embed code in the tag attribute, you simply have to
> write the renderer yourself, since the Nevow way is not to have code
> outside of the python source file.
I think now I understand what you mean. Whatever is in the template
will be treated as a string and is dealt with by the method that
is associated with the tag.
best,
Istvan.
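
Added example, not part of the original post: one way to sketch the "python-like, bare-bones language" idea above is to parse each template expression with Python's ast module and evaluate only a small whitelist of node types, so calls and attribute access are rejected instead of executed. The ${...} placeholder syntax and every name below are assumptions of this example, not Nevow or ZPT code.

```python
import ast
import operator
import re

class UnsafeExpression(ValueError):
    """Expression uses a construct outside the template whitelist."""

# Hypothetical ${...} placeholder syntax chosen for this example.
_PLACEHOLDER = re.compile(r"\$\{(.*?)\}")
_COMPARE = {ast.Eq: operator.eq, ast.NotEq: operator.ne,
            ast.Lt: operator.lt, ast.Gt: operator.gt}
_LITERALS = (str, int, float, bool, type(None))

def _evaluate(node, ctx):
    """Walk the AST and evaluate only whitelisted node types (Python 3.9+)."""
    if isinstance(node, ast.Constant) and isinstance(node.value, _LITERALS):
        return node.value
    if isinstance(node, ast.Name):
        if node.id not in ctx:
            raise UnsafeExpression(f"unknown name {node.id!r}")
        return ctx[node.id]  # only names the caller put in the context
    if isinstance(node, ast.Subscript) and isinstance(node.slice, ast.Constant):
        return _evaluate(node.value, ctx)[node.slice.value]
    if (isinstance(node, ast.Compare) and len(node.ops) == 1
            and type(node.ops[0]) in _COMPARE):
        left = _evaluate(node.left, ctx)
        right = _evaluate(node.comparators[0], ctx)
        return _COMPARE[type(node.ops[0])](left, right)
    if isinstance(node, ast.IfExp):
        branch = node.body if _evaluate(node.test, ctx) else node.orelse
        return _evaluate(branch, ctx)
    # Calls, attribute access, lambdas, comprehensions, etc. all end up here.
    raise UnsafeExpression(f"{type(node).__name__} is not allowed in templates")

def render(template, ctx):
    """Replace each ${expr} with its value; never calls eval() or exec()."""
    def substitute(match):
        try:
            tree = ast.parse(match.group(1).strip(), mode="eval")
        except SyntaxError as exc:
            raise UnsafeExpression(f"not an expression: {exc.msg}") from exc
        return str(_evaluate(tree.body, ctx))
    return _PLACEHOLDER.sub(substitute, template)

# Constructed sample data for trying the renderer.
SAMPLE_CTX = {"user": {"name": "ada", "admin": False}, "count": 3}
```

The template author can only read values the application placed in the context; anything outside the whitelist raises UnsafeExpression before any of it runs.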