Python 2.3b1: RuntimeError using rexec
Russell E. Owen
no at spam.invalid
Wed Apr 30 13:46:22 EDT 2003
Clever idea!
So far I have been using the standard repr output, and in any case it is
nice to have everything on one line. But then trying to sort separators
from strings containing separators becomes an issue. The new csv module
would probably make this easy. However, I also want to keep the code
compatible with 2.2.2...
By the way, I ran into a problem with the proposed safe eval: it turns
True and False started getting into my prefs files (as a side effect of
the recent change to Tkinter of returning objects instead of strings),
and the safe eval-with-no-builtins can't recognize those values. I'm
sure one could pass a minimal builtins dict that just included True,
False and perhaps None, and I could certainly convert True and False to
1 and 0 before writing the file, but...
Fortunately plain eval will work just fine for my application. The
security holes are irrelevant -- a malicious user could find much easier
ways to cause damage. It has always been intended that users can execute
arbitrary Python code (e.g. write their own scripts).
It is a interesting how seemingly small changes can cause problems.
However, I really like most of the changes, so I'm happy to accommodate.
-- Russell
In article <mailman.1051648246.19116.python-list at python.org>,
Lulu of the Lotus-Eaters <mertz at gnosis.cx> wrote:
>|"Russell E. Owen" <no at spam.invalid> writes:
>|> I stumbled across this when testing some existing code. This code uses
>|> rexec to convert a string representation of a dictionary to a dictionary
>|> as part of reading in font preferences.
>|> Any suggestion on how to do that without rexec would also be
>|> appreciated. (I was quite disappointed that "dict" didn't do it!)
>
>I'm not sure exactly what string representation of a dictionary you use.
>But it's not too hard to use dict(). E.g.:
>
> >>> d = '''
> ... a:b
> ... c:d
> ... e:f
> ... '''
> >>> dict([x.split(':') for x in d.split()])
> {'a': 'b', 'c': 'd', 'e': 'f'}
>...
More information about the Python-list
mailing list