Thomas Dybdahl Ahle <[EMAIL PROTECTED]> writes: > Hi, I have an application for which I want users to be able to make > themes. > I've planed a rather advanced model (in xml), which gives themes the > option to redefine various drawing methods. > Now I don't want those themes to be able to take over the current user, > but I'd still like the scripts to be able to import stuff like math. > Is there a way to ensure no IO and other dangerous stuff is done?
No. There used to be something called rexec/bastion but it was removed because it was insecure. You might look at http://webpy.org which is a web kit written in Python, that has its own sandboxed interpreter for a Python-like user templating language, for doing what you're doing. You could also consider using something like client side XSLT. -- http://mail.python.org/mailman/listinfo/python-list
