Is Eval *always* Evil?
Robert Kern
robert.kern at gmail.com
Wed Nov 10 21:39:52 EST 2010
On 2010-11-10 17:14 , Christian Heimes wrote:
> Am 10.11.2010 18:56, schrieb Simon Mullis:
>
> Yes, eval is evil, may lead to security issues and it's unnecessary
> slow, too.
>
>> # In the meantime - and as a proof of concept - I'm using a dict instead.
>>
>> xpathlib = {
>> "houses" : r'[ y.tag for y in x.xpath("//houses/*") ]',
>> "names" : r'[ y.text for y in x.xpath("//houses/name") ]',
>> "footwear_type" : r'[ y.tag for y in
>> x.xpath("//cupboard/bottom_shelf/*") ]',
>> "shoes" : r'[ y.text for y in
>> x.xpath("//cupboard/bottom_shelf/shoes/*") ]',
>> "interface_types" : r'[ y.text[:2] for y in
>> x.xpath("//interface/name") ]',
>> }
>
> You have two possibilities here:
>
> * either learn more XPath. You can do everything with XPath as well,
> for example "//houses/name/text()"
>
> * use lambdas instead, for example "names" : lambda x: [y.text for y in
> x.xpath("//houses/name")]
Well, the key reason he is using strings is so that he can easily slap on a
Django admin UI to allow certain users to add new expressions. lambdas don't
help with that.
--
Robert Kern
"I have come to believe that the whole world is an enigma, a harmless enigma
that is made terrible by our own mad attempt to interpret it as though it had
an underlying truth."
-- Umberto Eco
More information about the Python-list
mailing list