Python 2.3b1: RuntimeError using rexec
Martin v. Löwis
martin at v.loewis.de
Tue Apr 29 16:07:23 EDT 2003
"Russell E. Owen" <no at spam.invalid> writes:
> I've looked at the what's new and the standard documentation for rexec
> and it seems normal -- no hint that the module has been deprecated or
> that one needs to jump through some "yes I know it's dangerous" hoop to
> use it.
See
http://www.python.org/2.3/highlights.html
The rexec module has been disabled.
> I stumbled across this when testing some existing code. This code uses
> rexec to convert a string representation of a dictionary to a dictionary
> as part of reading in font preferences.
There simply is no "safe" way to do that in Python.
>
> Any suggestion on how to do that without rexec would also be
> appreciated. (I was quite disappointed that "dict" didn't do it!)
eval should work, but it won't be safe if you cannot trust the string.
Regards,
Martin
More information about the Python-list
mailing list