[Python-ideas] Another way to avoid clumsy lambdas, while adding new functionality
Chris Angelico
rosuav at gmail.com
Wed Mar 5 22:31:47 CET 2014
On Thu, Mar 6, 2014 at 8:20 AM, David Mertz <mertz at gnosis.cx> wrote:
> The literal hardly saves you from injection attacks. I could write this too
> under the proposed idea:
>
> foo = get_string_from_attacker()
> a = $(foo)
> b = a.eval()
>
> Now one can say "don't do that!" ... but that advice applies just as well to
> 'compile(unsafe_string, ...)'
That'll just be like doing:
b = foo
So it's still safe. That's the point.
ChrisA
More information about the Python-ideas
mailing list