[Zope] Re: eval in DTML

Josef Meile jmeile at hotmail.com
Fri Feb 6 14:17:08 EST 2004

> You can't use 'eval' in either a DTML method or a python script.  You have
> to create an external method to use 'eval'.
It's a bad idea. When I was a newie, I also figured out the same solution,
somebody said:

"What if instead of a list, some bad user pass: rm -Rf?"

So, it seems an useful command, but in fact it is dangerous.

My suggestion for the thread author: if you can't send a list as somebody
then remove the first and last square braces and do a split. Off couse this
will only work if your list is very simple; on the contrary, if you use
lists of lists,
you will have to do some kind of recursive function.


More information about the Zope mailing list