use strings to call functions
Steven D'Aprano
steven at REMOVE.THIS.cybersource.com.au
Mon Feb 8 20:51:01 EST 2010
On Mon, 08 Feb 2010 14:43:46 -0800, Aahz wrote:
>>> WARNING: eval() is almost always the wrong answer to any question
>>
>>warning : it works !
>
> Works for what?

Code injection security bugs, of course.

http://en.wikipedia.org/wiki/Code_injection

It is surprisingly difficult to sanitize strings in Python to make them
safe to pass to eval. Unless you are prepared to trust the input data
explicitly, it's best to just avoid eval.

--
Steven
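
An added example, not part of the post above or of the thread: one way to call functions from strings without eval() is to parse the string with the ast module, accept only a bare allowlisted name as the callee, and accept only literals as arguments. The functions area and greet, the ALLOWED registry, RejectedCall and call_by_string are hypothetical names chosen for this illustration, and the input strings are constructed.

```python
import ast

# Hypothetical functions the application is willing to expose by name.
def area(width, height):
    return width * height

def greet(name, punctuation="!"):
    return "Hello, " + name + punctuation

ALLOWED = {"area": area, "greet": greet}


class RejectedCall(ValueError):
    """The string is not a call to an allowlisted function with literal arguments."""


def call_by_string(text):
    """Run 'name(literal, ...)' without eval(); anything else is rejected."""
    try:
        tree = ast.parse(text.strip(), mode="eval")
    except (SyntaxError, ValueError) as exc:
        raise RejectedCall("not a valid expression") from exc
    call = tree.body
    # Only a bare name is accepted as the callee: no attributes, subscripts or nested calls.
    if not (isinstance(call, ast.Call) and isinstance(call.func, ast.Name)):
        raise RejectedCall("expected name(args)")
    func = ALLOWED.get(call.func.id)
    if func is None:
        raise RejectedCall("function %r is not allowlisted" % call.func.id)
    try:
        # literal_eval accepts only literals (numbers, strings, tuples, lists, dicts, ...).
        args = [ast.literal_eval(node) for node in call.args]
        kwargs = {kw.arg: ast.literal_eval(kw.value) for kw in call.keywords}
    except (ValueError, TypeError) as exc:
        raise RejectedCall("arguments must be literals") from exc
    if None in kwargs:  # '**mapping' unpacking shows up as a keyword without a name
        raise RejectedCall("keyword unpacking is not allowed")
    return func(*args, **kwargs)


if __name__ == "__main__":
    # Constructed inputs: the first runs, the second is refused before anything executes.
    print(call_by_string("area(3, 4)"))
    try:
        call_by_string("__import__('os').getcwd()")
    except RejectedCall as err:
        print("rejected:", err)
```

The string is never executed as Python code: only the parsed call's name is looked up in ALLOWED, so the set of reachable functions is exactly what the registry lists.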