[Zope] Augmenting Structured Text (Re: <% ... %>) ?

Christopher Petrilli petrilli@digicool.com
Tue, 15 Jun 1999 11:17:50 +0000


Martijn Faassen wrote:

> Of course the former is executable python. Of course one can get close
> to that in external method, but it seems to be more obscure to do
> DTML-ish things than what I just described. Hm. Digicool folks, could we
> have some plans on the Python scripting abilities you're working on?
> Would it look like my suggestion? Would you take any suggestions? :)

We of course will take suggestions, but I think there's a few things
that aren't terribly negotiable in our implementation of DTML/etc (this
doesn't prevent other people from implementing other things, this is
Open Source ;-)...  the untouchables are:

	* DTML is inside HTML
	* Safety is paramount

What this means is that your proposed syntax, to my eyes, is no better
(though no worse probably) than what we have today, it is however, much
more foreign to people who don't know Python.  Remember, as the mantra
goes, DTML is a *REPORTING* language, not a scripting language.  

Now on to the question of what will be in the 'Python Method' product...
honestly, we're only in the Inception stage, so it's pretty vague right
now, but the general idea is this:

	* One method == one object in the database
	* Operates in the namespace of its container
	* access to object database through self (maybe 'this').
	* Expression machinery enforcement of security model
	* Additional safety net of catching resource DOS problems

What this means is that you can extract logic from your DTML documents
and move it into a clean Python syntax, and then simply refer to it:

	<!--#var pyDoSomething-->

or whatever syntax you prefer :-)  This to me puts DTML back where it
should be, with no major bizarre contortions in expr syntax with _foo
and _.bar() that... 

The hard part, and what will control time line, is the difficulty of
extending/modifying the existing security mechanism (which depends on
real-time modification of the AST parse tree) to work with
multi-expression blocks.  Honestly, I have no clue how much work this
is.

Note that this will operate in a "restricted execution" environment so
that you can only import a subset of modules available---although the
goal would be to let the administrator control which modules are
available.

Chris
--
| Christopher Petrilli                           
http://www.digicool.com
| Digital Creations, Inc.                          
petrilli@digicool.com