safe eval of moderately simple math expressions
Joel Hedlund
yohell at ifm.liu.se
Sat Apr 11 04:22:05 EDT 2009
Matt Nordhoff wrote:
> >>> '\x5f'
> '_'
> >>> getattr(42, '\x5f\x5fclass\x5f\x5f') # __class__
> <type 'int'>
>
> Is that enough to show you the error of your ways?
No, because
>>> print '_' in '\x5f\x5fclass\x5f\x5f'
True
> :-D Cuz seriously, it's a bad idea.
Yes probably, but that's not why. :-)
> (BTW: What if a user tries to do some ridiculously large calculation to
> DoS the app? Is that a problem?)
Nope. If the user wants to hang her own app that's fine with me.
/Joel
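An added example (Python 3.8+, not code from this thread or its participants): it contrasts a substring check on the expression text as typed with an evaluator that walks the parsed syntax tree and accepts only numeric literals and arithmetic operators. The names `raw_text_has_underscore`, `safe_math_eval`, `max_exponent` and the sample `ESCAPED` are hypothetical, and the exponent cap is an assumption added for the large-calculation case raised above.

```python
import ast
import operator

# Constructed sample input: the text as a user would type it, backslashes included.
ESCAPED = r"getattr(42, '\x5f\x5fclass\x5f\x5f')"

_BINOPS = {
    ast.Add: operator.add, ast.Sub: operator.sub,
    ast.Mult: operator.mul, ast.Div: operator.truediv,
    ast.Mod: operator.mod, ast.Pow: operator.pow,
}
_UNARYOPS = {ast.UAdd: operator.pos, ast.USub: operator.neg}


def raw_text_has_underscore(expr):
    """Substring check on the text as typed, before any parsing or escape decoding."""
    return "_" in expr


def safe_math_eval(expr, max_exponent=1000):
    """Evaluate an expression built only from numbers and arithmetic operators.

    Names, calls, attribute access and string literals never reach the
    interpreter: any node type outside the allow-list raises ValueError.
    max_exponent (an assumed limit) bounds the right operand of **.
    """
    def walk(node):
        if isinstance(node, ast.Expression):
            return walk(node.body)
        # type() rather than isinstance() so that True/False are rejected too.
        if isinstance(node, ast.Constant) and type(node.value) in (int, float):
            return node.value
        if isinstance(node, ast.BinOp) and type(node.op) in _BINOPS:
            left, right = walk(node.left), walk(node.right)
            if isinstance(node.op, ast.Pow) and abs(right) > max_exponent:
                raise ValueError("exponent too large")
            return _BINOPS[type(node.op)](left, right)
        if isinstance(node, ast.UnaryOp) and type(node.op) in _UNARYOPS:
            return _UNARYOPS[type(node.op)](walk(node.operand))
        raise ValueError("disallowed syntax: " + type(node).__name__)

    return walk(ast.parse(expr, mode="eval"))
```

With the constructed input, `raw_text_has_underscore(ESCAPED)` is `False` because the typed text holds a backslash, `x`, `5` and `f` rather than an underscore, while `safe_math_eval(ESCAPED)` raises `ValueError` at the `Call` node.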