Question about ast.literal_eval

Chris Angelico rosuav at gmail.com
Tue May 21 03:35:40 EDT 2013


On Tue, May 21, 2013 at 4:46 PM, Frank Millman <frank at chagford.com> wrote:
> You may be right, Chris, but I don't think my approach is all that bad.

Frankly, I'm not altogether convinced that our approach is right
either :) But like the Oracle in the Matrix, I'm not here to push you
to one decision or another so much as to just put the options in front
of you and let you make up your own <bowdlerized> mind. Except in a
few cases where I'm really certain of my ground (like "don't put any
untrusted data through eval()"...).

> The vast majority of tests will be simple - either a single line, or two
> lines for a range check, with no brackets at all.
>
> If the requirement is more complicated than that, well, I don't think the
> complication can be avoided, and at least this approach gives full control.

Yeah, and this is where the issue of complexity points comes in.
You're spending a lot of them on functionality that most users won't
even use, and those who do will use only occasionally. You're forcing
them to match their brackets (not just have the same number of each
type, but also to get the nesting correct), and according to your
current spec, there can be no more than one open/close bracket at each
condition, so they'll have to arbitrarily add dummy conditions to make
certain forms of nesting work. You're exposing a lot of the underlying
interpreter, while forcing the user to dance wearing a body cast.
Sure, it can work, but it's unnecessarily hard.

> FWIW, I use the same approach to allow users to construct their own WHERE
> clauses in custom views. Again, the vast majority are simple, but there are
> times when it can get complicated.

Our alpha system is actually online, and we have exactly that system -
a query builder that renders down to a WHERE clause. If you're
curious, message me offline and I'll give you the URL.

> The proof of the pudding will be when I try to get ordinary users to get
> their own hands dirty - I am not there yet. If I ever get this released, the
> business model will be free software, but support will be charged for. So if
> a user gets out of his/her depth, there will be assistance available.
>
> Time will tell who is right ... ;-)

Who is right, and who is dead. Hey, are you aware that both Steven and
I come from Australia, and that we are used to having people not trust
us? Truly, you have a dizzying intellect!

ChrisA
... couldn't resist...
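
An added example, not part of the original message and not code from either poster's system: one way to accept user-built conditions of the kind discussed in this thread without eval(), parsing each value with ast.literal_eval and rendering a parameterized WHERE clause. The row layout, column names and operator list are assumptions made for illustration.

```python
import ast

# Hypothetical whitelists: the thread names no columns or operators.
COLUMNS = {"qty", "price", "status"}
OPERATORS = {"=", "!=", "<", "<=", ">", ">="}


def parse_value(text):
    """Turn user-typed text into a scalar without executing any code."""
    try:
        value = ast.literal_eval(text)
    except (ValueError, SyntaxError, TypeError, MemoryError, RecursionError):
        raise ValueError(f"not a plain literal: {text!r}") from None
    if not isinstance(value, (int, float, str)):
        raise ValueError(f"only numbers and strings allowed: {text!r}")
    return value


def build_where(rows):
    """Render (conj, lbr, column, op, value_text, rbr) rows to SQL + params.

    Each row may carry at most one "(" and one ")", as in the spec under
    discussion; nesting is checked by tracking bracket depth.
    """
    depth, parts, params = 0, [], []
    for i, (conj, lbr, col, op, text, rbr) in enumerate(rows):
        allowed_conj = ("",) if i == 0 else ("AND", "OR")
        if conj not in allowed_conj or lbr not in ("", "(") or rbr not in ("", ")"):
            raise ValueError(f"row {i}: bad conjunction or bracket")
        if col not in COLUMNS or op not in OPERATORS:
            raise ValueError(f"row {i}: unknown column or operator")
        params.append(parse_value(text))  # value travels as a bound parameter
        parts.append(f"{conj} {lbr}{col} {op} ?{rbr}".strip())
        depth += len(lbr) - len(rbr)
        if depth < 0:
            raise ValueError(f"row {i}: ')' without matching '('")
    if depth:
        raise ValueError("unclosed '('")
    return " ".join(parts), params


# Constructed sample input: a range check OR a status match.
SAMPLE = [
    ("", "(", "qty", ">=", "10", ""),
    ("AND", "", "qty", "<=", "20", ")"),
    ("OR", "", "status", "=", "'open'", ""),
]

if __name__ == "__main__":
    print(build_where(SAMPLE))
```

The returned pair is meant to be passed as-is to a DB-API execute() call that uses "?" placeholders, so no user text is ever spliced into the SQL string.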