Blair P. Houghton wrote: > >Would it be sufficient in your case merely to allow only .html files to > >be loaded? Or URLs without .extensions? Or even just permit only the > >http: protocol? > > Personally, I'm just noodling around with this right now. > So "my case" is the abstract case. I think the solution if > one was needed would be to look at how something like > Firefox implements script detection and warns about it, > so all forms of scripts would be rejected. > > I did try loading the .py file over a remote connection, and > it does seem to work as expected that way; i.e., I get a > browser window with the text of the script. So the
The server will send it with a Content-Type set to text/plain - so the browser knows to treat it as text. > webbrowser.py module's handling of http:// accesses > is definitely different from its handling of file:// accesses. > It's worth working out if this is down to webbrowser.py *or* Firefox. Try launching firefox with the path to the py file and seeing what it does. If it is webbrowser.py then it is worth fixing. All the best, Fuzzyman http://www.voidspace.org.uk/python/index.shtml > --Blair -- http://mail.python.org/mailman/listinfo/python-list