Python expression syntax:
Any valid Python language expression
Python expressions evaluate Python code in a security-restricted environment. Python expressions offer the same facilities as those available in Python-based Scripts and DTML variable expressions.
Python expressions are subject to the same security restrictions as Python-based scripts. These restrictions include:
Despite these limits malicious Python expressions can cause problems. See The Zope Book for more information.
Python expressions have the same built-ins as Python-based Scripts with a few additions.
These standard Python built-ins are available:
pow functions are available and work the same
way they do in standard Python; however, they are limited to
keep them from generating very large numbers and sequences. This
limitation helps protect against denial of service attacks.
In addition, these utility functions are available:
same_type. See DTML
functions for more
information on these functions.
Finally, these functions are available in Python expressions, but not in Python-based scripts:
A number of Python modules are available by default. You can
make more modules available. You can access modules either via
path expressions (for example
modules/string/join) or in
Python with the
modules mapping object (for example
modules["string"].join). Here are the default modules:
dtml-in. See ZTUtils for more information.
Using a module usage (pick a random choice from a list):
<span tal:replace="python:modules['random'].choice(['one', 'two', 'three', 'four', 'five'])"> a random number between one and five </span>
String processing (capitalize the user name):
<p tal:content="python:user.getUserName().capitalize()"> User Name </p>
Basic math (convert an image size to megabytes):
<p tal:content="python:image.getSize() / 1048576.0"> 12.2323 </p>
String formatting (format a float to two decimal places):
<p tal:content="python:'%0.2f' % size"> 13.56 </p>