Py3.3 unicode literal and input()

John Roth johnroth1 at gmail.com
Mon Jun 18 12:55:32 EDT 2012


On Monday, June 18, 2012 9:44:17 AM UTC-6, jmfauth wrote:
> Things are very clear to me. I wrote enough interactive
> interpreters with all available toolkits for Windows
> since I know Python (v. 1.5.6).
> 
> I do not see why the semantics may vary differently
> in code source or in an interactive interpreter,
> esp. if Python allows it!
> 
> If you have to know in advance what an end user
> is supposed to type and/or check it ('str' or unicode
> literal) in order to know if the answer has to be
> evaluated or not, then it is better to reintroduce
> input() and raw_input().
> 

The change between Python 2.x and 3.x was made for security reasons. The developers felt, correctly in my opinion, that the simpler operation should not pose a security risk of a malicious user entering an expression that would corrupt the program.

In Python 3.x the equivalent of Python 2.x's input() function is eval(input()). It poses the same security risk: acting on unchecked user data.

John Roth


> jmf
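The risk described in the reply, as an added example that is not part of the original thread: an `eval`-based reader that behaves like Python 2's `input()`, next to a reader that accepts only literals through `ast.literal_eval`. The names `settings`, `read_like_py2_input`, `read_literal` and `MAX_LEN` are hypothetical, and the typed input is constructed.

```python
import ast

# Constructed program state that typed input should never be able to change.
settings = {"admin": False}

MAX_LEN = 1000  # assumed cap; literal_eval can still exhaust memory or stack on huge input


def read_like_py2_input(text):
    """Behaves like Python 2's input(): the typed text is evaluated as an expression."""
    return eval(text)  # deliberately unsafe, kept only for the comparison


def read_literal(text):
    """Accept only Python literals (numbers, strings, tuples, lists, dicts, ...).

    ast.literal_eval parses the text but refuses names, calls and attribute
    access, so the typed text cannot reach program state.
    """
    if len(text) > MAX_LEN:
        raise ValueError("input too long")
    try:
        return ast.literal_eval(text.strip())
    except (ValueError, SyntaxError) as exc:
        raise ValueError("not a literal: %r" % text) from exc


def demo():
    typed = "settings.update(admin=True)"  # constructed input: an expression, not data
    results = {
        "literal_int": read_literal("42"),
        "literal_list": read_literal("[1, 'a', 2.5]"),
    }
    try:
        read_literal(typed)
        results["literal_rejected"] = False
    except ValueError:
        results["literal_rejected"] = True
    results["admin_after_literal"] = settings["admin"]  # state untouched
    read_like_py2_input(typed)                          # expression runs
    results["admin_after_eval"] = settings["admin"]     # state corrupted
    settings["admin"] = False                           # reset for repeat runs
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```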



