[Erp5-dev] Validating W3 Conformance of ERP5 Forms

Pelletier Vincent vincent at nexedi.com
Thu Mar 29 10:56:18 CEST 2007


On Thursday 29 March 2007 10:13, Jacek Medrzycki wrote:
> I know that eval could be a security threat, especially when dealing
> with user input, but I thought it is safe in unit test. But I'll fix the
> code of course.

Well, more generally I think it's better to use "static" code than dynamic 
string execution - if not for performance reasons, at least for readability. 
And I'm afraid that once the first "eval" ever gets accepted in the repository 
it would become some kind of example and would lead to a more generalised use 
of it, without taking appropriate care.

> Can you explain more closely. I don't understand fully what you mean.

I was referring to this code:
        results = self.w3_validator.validate_form(form_source)
        if len(results)>0:
          if self.verbose:
            test_errors.append((form, results))
          else:
            test_errors.append((form, ))

I guess it would be a bit nicer like:
  self.w3_validator = W3FormValidator(self.w3_validator_url,
                                      verbose_level=verbose_level)
[...]
  test_errors.append(self.w3_validator.validate_form(form_source))

-- 
Vincent Pelletier
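As an added example (not code from the ERP5 repository or from this thread) of the two points raised above: a hypothetical W3FormValidator that owns verbose_level so the test loop just appends what validate_form() returns, and a static attribute lookup in place of eval() on an interpolated form name. The offline tag checker, the names W3FormValidator, validate_form, lookup_form, run_checks and the validator URL are all assumptions standing in for the real W3C service and ERP5 test code.

```python
import re
from html.parser import HTMLParser
VOID_TAGS = {"input", "br", "img", "hr", "meta", "link"}
_FORM_ID = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")

class _OpenTagChecker(HTMLParser):
    """Toy offline stand-in for the W3C validator: reports unbalanced tags."""
    def __init__(self):
        super().__init__()
        self.stack, self.errors = [], []
    def handle_starttag(self, tag, attrs):
        if tag not in VOID_TAGS:       # void elements never need a close tag
            self.stack.append(tag)
    def handle_startendtag(self, tag, attrs):
        pass                           # <x /> is balanced by construction
    def handle_endtag(self, tag):
        if tag not in self.stack:
            self.errors.append("unexpected end tag </%s>" % tag)
            return
        while self.stack[-1] != tag:   # flag elements left open inside it
            self.errors.append("unclosed <%s>" % self.stack.pop())
        self.stack.pop()

class W3FormValidator:
    """Hypothetical wrapper: owns verbose_level so the test loop never branches on it."""
    def __init__(self, validator_url, verbose_level=0):
        self.validator_url, self.verbose_level = validator_url, verbose_level
    def validate_form(self, form_id, form_source):
        checker = _OpenTagChecker()
        checker.feed(form_source)
        checker.close()
        errors = checker.errors + ["unclosed <%s>" % t for t in reversed(checker.stack)]
        if not errors:
            return None                # nothing to record for this form
        return (form_id, errors) if self.verbose_level else (form_id,)
def is_valid_form_id(form_id):
    return bool(_FORM_ID.match(form_id))  # identifier-shaped names only
def lookup_form(container, form_id):
    """Static replacement for eval("container.%s" % form_id): checked name, getattr."""
    if not is_valid_form_id(form_id):
        raise ValueError("not a form id: %r" % form_id)
    return getattr(container, form_id)
def run_checks(container, form_ids, verbose_level=0):
    validator = W3FormValidator("https://validator.example/check", verbose_level)
    test_errors = []                   # loop shaped like the mail's suggestion
    for form_id in form_ids:
        result = validator.validate_form(form_id, lookup_form(container, form_id))
        if result is not None:         # None means no validation errors
            test_errors.append(result)
    return test_errors
```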