Workflow

Five-pt

Latest version: v3.0

Safety actively analyzes 628267 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 2 of 6

2.2.1

~~~~~~~~~~~~~~~~~~

Features:

- Whitespace between attributes is now reduced to a single whitespace
character.

Bugfixes:

- The path traverser now correctly renders callables, applying the
template namespace as keyword arguments. Previously, only the
``request`` name would be passed.

- The content provider expression now correctly applies TAL namespace
data.

- Avoid duplicate HTML decoding. This fixes an issue which was
introduced because newer Chameleon releases decode all expression
inputs by default.

2.2.0

~~~~~~~~~~~~~~~~~~

- Update implementation to use component-based template engine
configuration, plugging directly into the Zope Toolkit framework.

- Declare RepeatItem as public object with allowed subobjects
[leorochael]

- Bump minimum versions of dependencies z3c.pt and sourcecodegen to fix
lp853731 and lp848200.
[leorochael]

- Fixed encoding issue with restricted Python expression. The Python
2.4 AST parser does not accept unicode input and the expression
string must be explicitly encoded to a byte string.
[malthe]

2.1.5

~~~~~~~~~~~~~~~~~~

- Reuse template instance on cook.
[malthe]

- Use the template source string available in the ``_text`` attribute
instead of reading the file (again).
[leorochael, malthe]

- Use secure moduler importer for both Zope 2 and 3 templates. This
fixes issue 34.
[malthe]

2.1.4

~~~~~~~~~~~~~~~~~~

- Upgrade to newest Zope integration package.

2.1.3

~~~~~~~~~~~~~~~~~~

- Fixed issue with traversal and dictionary optimization (the
optimization has been removed).
[malthe]

- Fixed compatibility issue with the ``UnauthorizedBinding`` class and
traversal.
[malthe]

2.1.2

~~~~~~~~~~~~~~~~~~

- Wire in restricted python builtins as imports. Previously these were
added to the dynamic context.
[malthe]

- Use the Python expression from the ``z3c.pt`` package for the
trusted page template engine. This difference between this and the
standard Python expression from Chameleon is that the pipe character
(``"|"``) has the meaning of fallback in Chameleon, but not in the
reference ZPT implementation (where it's only available for path
expressions).
[malthe]

Page 2 of 6

Links

Releases

Has known vulnerabilities

Previous Next

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.