Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Why is access to macros of a template disallowed in RestrictedPython? #156

Open
pbauer opened this issue Apr 15, 2019 · 3 comments
Open

Why is access to macros of a template disallowed in RestrictedPython? #156

pbauer opened this issue Apr 15, 2019 · 3 comments
Labels
question

Comments

@pbauer
Copy link
Member

pbauer commented Apr 15, 2019

Following up from plone/Products.CMFPlone#2839:

Why does RestrictedPython not allow to use
python:mytemplate.macros['master'] in a template but
mytemplate/macros/master is allowed? macros is the property chameleon.zpt.program.import.macros which returns a chameleon.zpt.template.Macros object.

Allowed:

<pre tal:define="template python:context.restrictedTraverse('@@main_template')"
     tal:content="template/macros"></pre>

Not allowed:

<pre tal:define="template python:context.restrictedTraverse('@@main_template')"
     tal:content="python:template.macros"></pre>
@dataflake
Copy link
Member

In Zope itself we solved this issue here: zopefoundation/Zope#503

@pbauer
Copy link
Member Author

pbauer commented Apr 16, 2019

@dataflake thanks for the info. I don't get why tal:content="python:template.macros" does not work in Plone (we use Zope 4.0b10 which has the mentioned fix).

@dataflake
Copy link
Member

Running this in a Zope instance with security-policy-implementation python and verbose-security on helped me debug the original issue in Zope

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@pbauer @dataflake