On Sun, 15 Aug 2010 01:24:00 +0200, Roland Koebler wrote: > I had the same problem, and so I created a "pseudo-sandbox" for > embedding Python in templates. This "pseudo-sandbox" creates a > restricted Python environment, where only whitelisted functions/classes > are allowed. Additionally, it prevents things like '0 .__class__'.
Hmmm... is that meant just as an illustration of a general technique, or do you actually have something against the class of 0? 0 .__class__ seems pretty innocuous to me: >>> type(0) is 0 .__class__ is int True [...] > But note that this is not a real sandbox! As soon as you allow *any* > unsafe function (e.g. open, import, eval, getattr etc.), you can easily > break out. Isn't that true of any sandbox though? Surely by definition, if you allow an unsafe function in any sandbox, it's no longer an effective sandbox. -- Steven -- http://mail.python.org/mailman/listinfo/python-list
