Opened 16 years ago
Last modified 7 years ago
#151 new defect
Undefined behavor of extended iteration — at Initial Version
| Reported by: | aronacher | Owned by: | cmlenz |
|---|---|---|---|
| Priority: | major | Milestone: | 0.9 |
| Component: | General | Version: | 0.4.4 |
| Keywords: | Cc: |
Description
Right now "for foo.bar, blubblah? in something" is undefined in genshi (it does nothing, especially no error) and "for fooa in b? in bar" breaks with a syntax error although it's valid python.
Because of my work on the sandboxed branch it's important that iterations do not modify existing objects because they could be persistent, thus shared among renderings. A quickfix would be changing the " in " split to a regex like this: "r([A-Za-z_][A-Za-z0-9_]*(\s*,\s*[A-Za-z_][A-Za-z0-9_]*)*)\s+in"
That would then automatically close the security problem of the sandbox branch too.
