Jean-Paul Calderone wrote:
I'm wary of making it possible to accidentally expose a method to the client. Without allowMethods, it seems to be a quite simple to accidentally expose things. For example, with your patch, the following methods can be invoked by the client on any LiveFragment:
get rend ... postForm
...
With the above list of methods in mind, does it make more sense why allowedMethods is present?
Dear Jean-Paul, You're right, it could be dangerous, but I'm soooo lazy for typing too much! Attached is a revisited patch, that fulfill the security and make the allowedMethods at the same time unnecessary - this version allow only usage of NEW methods in the subclass, no superclass methods or overriding of them are accepted, try it... Could it be a way? Paul Index: athena.py =================================================================== --- athena.py (Revision 3368) +++ athena.py (Arbeitskopie) @@ -407,21 +407,19 @@ <form onsubmit="Nevow.Athena.refByDOM(this).callRemote('foo', bar); return false;"> - By default, only methods named in the C{allowedMethods} mapping - may be invoked by the client. """ - allowedMethods = {} - def rend(self, context, data): myID = self.page.addLocalObject(self) context.fillSlots('nevow:athena_id', myID) return super(LiveFragment, self).rend(context, data) def locateMethod(self, ctx, methodName): - if methodName in self.allowedMethods: - return getattr(self, methodName) - raise AttributeError(methodName) + if not hasattr(super(LiveFragment, self), methodName): + method = getattr(self, methodName, None) + if method: + return method + raise AttributeError, 'Method "%s" not allowed' % methodName # Helper for docFactories defined with stan: