eval() == evil? --- How to use it safely?

Paul Rubin http
Thu Aug 28 20:57:01 EDT 2008


Fett <FettManChu at gmail.com> writes:
> However, this means that I am using eval() on some string on a
> website, which seems pretty unsafe.

Don't even think of doing that.


> I read that by using eval(code,{"__builtins__":None},{})

It is not reliable enough.  Don't use eval for this AT ALL.

> - I originally was using exec() but switched to eval() 

For this purpose there is no difference between exec and eval.

Use something like simplejson or cjson instead.
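
The approach recommended above (parse the fetched text with a JSON library instead of eval), as an added example that is not part of the original post. It uses Python's standard-library json module; the function names, size and depth limits, schema and sample inputs are assumptions constructed for illustration.

```python
import json

MAX_CHARS = 64 * 1024  # assumed size cap for this example
MAX_DEPTH = 8          # assumed nesting cap for this example

class UntrustedDataError(ValueError):
    """Remote text was not acceptable plain data."""

def _reject_constant(name):
    # json.loads calls this for NaN, Infinity and -Infinity (not valid JSON).
    raise UntrustedDataError("non-standard constant: " + name)

def _check_depth(value, depth=0):
    if depth > MAX_DEPTH:
        raise UntrustedDataError("nesting too deep")
    if isinstance(value, dict):
        value = list(value.values())
    if isinstance(value, list):
        for child in value:
            _check_depth(child, depth + 1)

def load_untrusted(text, required):
    """Parse text fetched from a web site as data only; nothing in it runs."""
    if len(text) > MAX_CHARS:
        raise UntrustedDataError("payload too large")
    try:
        data = json.loads(text, parse_constant=_reject_constant)
    except (ValueError, RecursionError) as exc:
        raise UntrustedDataError("not valid JSON: %s" % exc) from exc
    _check_depth(data)
    if not isinstance(data, dict):
        raise UntrustedDataError("top level must be an object")
    for key, expected in required.items():
        # Exact type match, so true is not accepted where an int is required.
        if type(data.get(key)) is not expected:
            raise UntrustedDataError("bad or missing field: " + key)
    return data

def is_rejected(text, required):
    try:
        load_untrusted(text, required)
    except UntrustedDataError:
        return True
    return False

# Constructed sample inputs (not from the original thread).
SCHEMA = {"version": str, "size": int}
GOOD = '{"version": "1.4.2", "size": 1024, "mirrors": ["a.example"]}'
CODE_LIKE = 'len("abc")'  # eval() would run this; the JSON parser refuses it
```

A Python expression or dict literal in the fetched text fails to parse and is reported as bad data; no part of the input is ever executed.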


