Opened 15 years ago
Last modified 8 years ago
#394 new enhancement
Allow custom loaders to also plug in custom AstTransformers
Reported by: | Carsten Klein <carsten.klein@…> | Owned by: | cmlenz |
---|---|---|---|
Priority: | major | Milestone: | 0.9 |
Component: | General | Version: | 0.6 |
Keywords: | Cc: |
Description
The current API does not allow templates to override the default AstTransformer?? defined in astutil#_compile.
However, classes derived from Code do allow overriding the default transformer.
It would be nice to have a custom loader also incorporate a custom AstTransformer??.
The main concern here is security, effectfully limiting python API access by a custom AstTransformer??.
As I see it, the markup template's init method would require an additional named parameter that by default would be set to none, e.g. xform=None.
That way, upon instantiation of either Suite or Expression, the specified AstTransformer?? could be passed as an alternative the the default transformer.
This would also be backwards compatible, so existing applications would not break.
See the attached patch which might provide such a solution.
The patch is currently untested.
Attachments (1)
Change History (3)
Changed 15 years ago by Carsten Klein <carsten.klein@…>
comment:1 Changed 11 years ago by hodgestar
comment:2 Changed 8 years ago by hodgestar
- Milestone changed from 0.7 to 0.9
Moved to milestone 0.9.
Note: It would be really hard to provide any meaningful security by examining the AST. Smart people have repeatedly failed to create Python sandboxes this way.