why there is no pythonscript insine web browsers?

Shane Geiger sgeiger at ncee.net
Tue Nov 13 18:39:16 CET 2007


At the last PyCon, Brett Cannon told me that he had already implemented
the security architecture (or security template) for Python within
Firefox.  However, he did not go forward with the project because he
would not be able to get a PhD from doing it.  :-) 




Dennis Lee Bieber wrote:
> On Tue, 13 Nov 2007 09:51:49 -0000, bramble <cadet.bramble at gmail.com>
> declaimed the following in comp.lang.python:
>
>
>   
>> Why can't it be safely sandboxed?
>>
>> That is, why not just have a Python interpreter and some safe subset
>> of the Python standard library run with the browser? I mean, aside
>>     
>
> 	It's not just the library (at a start you'd need to strip out
> modules os, popen, and subprocess), but you'd also need to block out
> exec, eval() (and by extension, input() ) from the interpreter core.
> Might need to do nasty things to the low-level import mechanism so that
> villains can't rig a web site to contain an import module with ability
> to access the local file system.
>   


-- 
Shane Geiger
IT Director
National Council on Economic Education
sgeiger at ncee.net  |  402-438-8958  |  http://www.ncee.net

Leading the Campaign for Economic and Financial Literacy

-------------- next part --------------
A non-text attachment was scrubbed...
Name: sgeiger.vcf
Type: text/x-vcard
Size: 288 bytes
Desc: not available
URL: <http://mail.python.org/pipermail/python-list/attachments/20071113/7a2a3fa2/attachment.vcf>


More information about the Python-list mailing list