What YAML engine do you use?
Peter Hansen
peter at engcorp.com
Mon Jan 24 10:58:16 EST 2005
Sion Arrowsmith wrote:
> Paul Rubin <http://phr.cx@NOSPAM.invalid> wrote:
>
>>YAML looks to me to be completely insane, even compared to Python
>>lists. I think it would be great if the Python library exposed an
>>interface for parsing constant list and dict expressions, e.g.:
>> [1, 2, 'Joe Smith', 8237972883334L, # comment
>> {'Favorite fruits': ['apple', 'banana', 'pear']}, # another comment
>> 'xyzzy', [3, 5, [3.14159, 2.71828, []]]]
>>[ ... ]
>>Note that all the values in the above have to be constant literals.
>>Don't suggest using eval. That would be a huge security hole.
>
>
> I'm probably not thinking deviously enough here, but how are you
> going to exploit an eval() which has very tightly controlled
> globals and locals (eg. eval(x, {"__builtins__": None}, {}) ?
See, for example, Alex Martelli's post in an old thread from 2001:
http://groups.google.ca/groups?selm=9db3oi01aph%40news2.newsguy.com
-Peter
More information about the Python-list
mailing list