[Python-ideas] Security: remove "." from sys.path?
eryk sun
eryksun at gmail.com
Thu Jun 1 18:32:40 EDT 2017
On Thu, Jun 1, 2017 at 4:46 PM, Chris Angelico <rosuav at gmail.com> wrote:
> (AIUI, the *current directory* is never on Python's path, but the
> *script directory* is. They're the same thing a lot of the time.)
sys.path includes the current directory (i.e. an empty string) when
there's no script, which includes the REPL, -c, and -m. It's removed
by [-I]solated mode, which also removes the script directory.
More information about the Python-ideas
mailing list