Question about ast.literal_eval

Chris Angelico rosuav at gmail.com
Mon May 20 04:13:18 EDT 2013


On Mon, May 20, 2013 at 5:55 PM, Carlos Nepomuceno
<carlosnepomuceno at outlook.com> wrote:
> I understand your motivation but I don't know what protection ast.literal_eval() is offering that eval() doesn't.

eval will *execute code*, while literal_eval will not. That's the
protection. With ast.literal_eval, all that can happen is that it
produces a single result value. In this case, unfortunately, that's
insufficient; a comparison needs to be done, ergo it's not an entire
literal. But something else in the ast module may be able to serve, or
maybe literal_eval can do the bulk of the work.

ChrisA
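
An added example, not part of the original message: one way to let literal_eval do the bulk of the work for a comparison, by having ast.parse locate the comparison and ast.literal_eval evaluate each operand. The names safe_compare, is_rejected and _OPS are hypothetical helpers written for this illustration.

```python
import ast
import operator

# Comparison operators the helper will apply; anything else is rejected.
_OPS = {
    ast.Eq: operator.eq, ast.NotEq: operator.ne,
    ast.Lt: operator.lt, ast.LtE: operator.le,
    ast.Gt: operator.gt, ast.GtE: operator.ge,
}

def safe_compare(source):
    """Evaluate 'literal OP literal [OP literal ...]' without executing code.

    Hypothetical helper: the string is only parsed, never compiled or run.
    """
    node = ast.parse(source, mode="eval").body
    if not isinstance(node, ast.Compare):
        raise ValueError("expected a comparison of literals")
    # literal_eval accepts an AST node as well as a string and raises
    # ValueError for names, calls, attribute access and other non-literals.
    values = [ast.literal_eval(n) for n in [node.left] + node.comparators]
    # Chained comparisons (a < b < c) are checked pairwise, as Python does.
    for op, left, right in zip(node.ops, values, values[1:]):
        func = _OPS.get(type(op))
        if func is None:
            raise ValueError("operator not allowed: " + type(op).__name__)
        if not func(left, right):
            return False
    return True

def is_rejected(source):
    """Return True when safe_compare refuses the input instead of evaluating it."""
    try:
        safe_compare(source)
    except (ValueError, SyntaxError, TypeError):
        return True
    return False

if __name__ == "__main__":
    # Constructed sample inputs.
    for text in ["1 < 2", "[1, 2] == [1, 2]", "1 < 2 < 2"]:
        print(text, "->", safe_compare(text))
    print("call operand rejected:", is_rejected("len('abc') == 3"))
```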


