Today I had to write this supporting method in my product to prevent a rather strange Unauthorized error in my Page Template. My docstring should explain what I understand::
def unsafe_unicode_dict_getitem(self, dictionary, item): """ Return the value of this item in a dictionary object. Simply call the __getitem__ of this dictionary to pluck out an item. Why call this unsafe_...() ? If you try to do this in a guarded context (e.g. Script (Python) (or Page Template)) you'll get an Unauthorized error: d = {u'\xa3':1} d[u'\xa3'] # will raise an Unauthorized error # this works however d = {u'\xa3':1, u'asciiable':1} d[u'asciiable'] Why? I don't know. The place where it happens is the parental guardian function guarded_getitem() from ZopeGuards.py By instead calling the __getitem__ from here in unrestricted python we can bypass this. """ return dictionary[item] Is my app unsafe now? Why is it not possible to get to __getitem__ if the key is non-ascii? -- Peter Bengtsson, work www.fry-it.com home www.peterbe.com hobby www.issuetrackerproduct.com _______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )