How to convert string to list without eval or exec
Peter Harris
scav at blueyonder.co.uk
Thu Mar 11 17:28:18 EST 2004
Peter Otten wrote:
> DomF wrote:
>
>
>>>>I'm not allowed to use eval or exec.
>>>
>>>- write to a file
>>>- load the file as module :-)
>>
>>This made me laugh out loud after reading all the heavy duty parsing
>>options, is that bad?
>
>
> It's just like eval and exec in that it allows to execute untrusted code.
>
> Peter
Would it be safe to use eval but within a namespace with no globals or
locals? Then the expression could only include literals.
Actually, builtins would be visible too. And you don't want to eval
"[ file('important_file','w') ]" !
But I think there's a way to hide builtins as well, although I forget
what it is.
Peter Harris
More information about the Python-list
mailing list