Comment 1 for bug 98323

Christian Theune (ctheune) wrote :

Changes: submitter email, importance (medium => critical), classification (issue => bug), new comment

We should really look at this.

The following expression works from a ZPT page:

tal:content="python:path('nocall:context/zope:__class__').__bases__[0].__subclasses__">

However, we are lucky and this does not work:

tal:content="python:path('nocall:context/zope:__class__').__bases__[0]">

Do we really want one to be able to traverse adapters without restrictions?

I'd suspect this to be a bug. I didn't try super hard to find an
exploit for this, but you never know ...