
Switch default list of page 2 variables from 'all of them' to 'Nothing'.

Open pjz opened this issue 10 years ago • 4 comments

In #165 we added __all__ as a way to specify what variables get 'exported' from page 2 to the template. The default behavior, if no __all__ exists, is to export everything. This is arguably a security footgun, and the default behavior should be changed to export nothing, thus making all exports explicit.

Note that changing it will break everything: all tests that use simplates, all existing aspen sites. Everything. To save us some work, we need an 'unstrict' config flag or something that will preserve old behavior.

pjz, Aug 12 '13 19:08
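
The difference between the two defaults described in the issue above, as an added example that is not part of the original thread and is not Aspen's code. It is a simplified model of the page 2 export step; the `strict` parameter, the function names and the sample page source are assumptions made for illustration.

```python
# Simplified model of "page 2 -> template" export. NOT Aspen's implementation.

# Constructed sample page 2 source: one value meant for the template, one not.
PAGE2_IMPLICIT = '''
import os
api_key = "constructed-secret-value"   # never meant to reach the template
greeting = "Hello, world"
'''

# Same page, with the author declaring the export list explicitly.
PAGE2_EXPLICIT = PAGE2_IMPLICIT + '__all__ = ["greeting"]\n'


def run_page(source):
    """Execute page 2 source and return the namespace it leaves behind."""
    namespace = {}
    exec(source, namespace)
    namespace.pop("__builtins__", None)  # injected by exec, not by the page
    return namespace


def exported_context(namespace, strict=False):
    """Return the names a template would receive from page 2.

    strict=False models the current default: no __all__ means export everything.
    strict=True (hypothetical flag) models the proposal: no __all__ means nothing.
    """
    if "__all__" in namespace:
        missing = [n for n in namespace["__all__"] if n not in namespace]
        if missing:
            raise NameError("__all__ lists undefined names: %r" % missing)
        return {name: namespace[name] for name in namespace["__all__"]}
    if strict:
        return {}
    return {k: v for k, v in namespace.items() if k != "__all__"}


def leaked_names(source, intended, strict=False):
    """Names the template can reach that the author did not intend to expose."""
    context = exported_context(run_page(source), strict=strict)
    return sorted(set(context) - set(intended))


if __name__ == "__main__":
    print("implicit, current default :", leaked_names(PAGE2_IMPLICIT, ["greeting"]))
    print("implicit, strict default  :", leaked_names(PAGE2_IMPLICIT, ["greeting"], strict=True))
    print("explicit __all__          :", leaked_names(PAGE2_EXPLICIT, ["greeting"]))
```

Under the export-everything default, both the secret and the imported `os` module end up in the template context; with an explicit `__all__` or the strict default, neither does.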

Idea on October 2014 call: how about constraining to locals() rather than whitelisting with __all__?

chadwhitacre, Oct 07 '14 14:10

@Changaco What do you think of this for 1.0 (#357)?

chadwhitacre, Sep 08 '16 20:09

I think that the implicit passing of variables between pages is precisely the strength of simplates. https://github.com/AspenWeb/aspen.py/issues/27 seems like a better solution to me than changing the default behaviour of simplates.

Changaco, Sep 08 '16 20:09

This goes away if we ditch simplates in https://github.com/AspenWeb/aspen.py/pull/30. 😈

chadwhitacre, Sep 09 '16 17:09