An expression that rebinds a variable?
Gabriel Genellina
gagsl-py2 at yahoo.com.ar
Thu May 17 19:49:18 EDT 2007
On Thu, 17 May 2007 18:29:35 -0300, GreenH <Green.Horn.000 at gmail.com>
wrote:
> Thanks, but my interest is actually in finding the cases in which
> eval(expr) would throw surprises at me by bringing changes in
> namespace(s), just because I haven't given a namespace for that eval()
> i.e., where would we see the perils of not passing namespace to the
> 'eval'.
As already said, it's hard to make changes to the local namespace, but the
global namespace is directly accessible.

py> z = {'a': 1}
py> eval("z.setdefault('b',2)")
2
py> z
{'a': 1, 'b': 2}

eval is unsafe by definition, even if you provide your own namespaces. If
you can't trust the expression to be evaluated, don't use eval if you are
minimally concerned about security.
--
Gabriel Genellina
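
An added example, not part of the original post: it replays the setdefault case inside a module, shows that passing your own namespace hides global names but still shares the objects you put in it (and that eval() inserts `__builtins__` into that dict), and goes beyond the post by contrasting this with `ast.literal_eval`, which only parses literals. The name `config` and the helper functions are hypothetical; Python 3 is assumed.

```python
import ast

# Constructed module-level state standing in for application data.
config = {"a": 1}


def eval_in_module_globals(expr):
    # No namespace passed: expr sees this module's globals.
    return eval(expr)


def eval_in_own_namespace(expr, names):
    # Name lookup is limited to `names`, but its objects are shared, not copied.
    return eval(expr, names)


def parse_literal(text):
    # Accepts only literals; calls and attribute access are rejected, not run.
    try:
        return True, ast.literal_eval(text)
    except (ValueError, SyntaxError):
        return False, None


def demo():
    results = {}
    # 1. No namespace given: a method call on a global mutates it in place.
    eval_in_module_globals("config.setdefault('b', 2)")
    results["global_mutated"] = config == {"a": 1, "b": 2}
    # 2. Own namespace: the module-level name is no longer visible...
    ns = {"z": {"a": 1}}
    try:
        eval_in_own_namespace("config", ns)
        results["config_hidden"] = False
    except NameError:
        results["config_hidden"] = True
    # ...but objects passed in are still mutable, and eval() adds builtins.
    eval_in_own_namespace("z.setdefault('b', 2)", ns)
    results["passed_object_mutated"] = ns["z"] == {"a": 1, "b": 2}
    results["builtins_inserted"] = "__builtins__" in ns
    # 3. literal_eval parses plain data but refuses the call expression.
    results["literal_ok"] = parse_literal("{'a': 1}") == (True, {"a": 1})
    results["call_rejected"] = parse_literal("z.setdefault('b', 2)") == (False, None)
    return results


if __name__ == "__main__":
    print(demo())
```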