Safe eval of insecure strings containing Python data structures?
Lie Ryan
lie.1296 at gmail.com
Thu Oct 9 11:40:40 EDT 2008
On Thu, 09 Oct 2008 13:26:17 +0100, Orestis Markou wrote:
> The ast module in 2.6 has something...
>
in python 2.6, ast.literal_eval may be used to replace eval() for
literals. It does not accepts statements and function calls, i.e.:
>>> a = set([1, 2, 3])
>>> repr(a)
set([1, 2, 3])
>>> ast.literal_eval(repr(a))
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/local/lib/python2.6/ast.py", line 67, in literal_eval
return _convert(node_or_string)
File "/usr/local/lib/python2.6/ast.py", line 66, in _convert
raise ValueError('malformed string')
ValueError: malformed string
More information about the Python-list
mailing list