Sanitizing untrusted code for eval()

Diez B. Roggisch deets at nospam.web.de
Mon Aug 22 13:48:38 EDT 2005

Previous message (by thread): Python for Webscripting (like PHP)
Next message (by thread): Sanitizing untrusted code for eval()
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> Does anyone know of any other "gotchas" with eval() I have not found?  Or
> is eval() simply too evil?

Yes - and from what I can see on the JSON-Page, it should be _way_ 
easier to simply write a parser your own - that ensures that only you 
decide what python code gets called.

Diez
_

Previous message (by thread): Python for Webscripting (like PHP)
Next message (by thread): Sanitizing untrusted code for eval()
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Python-list mailing list