List comprehension - NameError: name '_[1]' is not defined ?
ajaksu
ajaksu at gmail.com
Fri Jan 16 18:04:33 EST 2009
On Jan 16, 3:45 pm, mario ruggier <mario.rugg... at gmail.com> wrote:
> > '(x for x in ()).throw("bork")'
>
> What is the potential security risk with this one?
I don't see a concrete issue, just found it tempting... raising hand-
crafted objects :)
> All the above attempts will be blocked this way. Any other disallow-
> sub-strings to add to the list above?
None that I know of, but I suggest testing with dir, globals, locals
and '__' enabled (which I haven't done yet), as spotting possible
flaws should be easier. If you can get BOM+encoded garbage tested (see
http://tinyurl.com/72d98y ), it might be worth it too.
This one fails in lots of interesting ways when you juggle keyword-
args around:
exprs = [
'evoque("hmm", filters=[unicode.upper ] ,src="/etc/python2.5/
site.py")',
]
> And thanks a lot Daniel, need to find a way to get somebeer over to
> ya... ;-)
You're welcome! Don't worry about the beer, I'd only consider a real
promise if it involved chocolate :D
Regards,
Daniel
More information about the Python-list
mailing list