Question about ast.literal_eval

Fábio Santos fabiosantosart at gmail.com
Mon May 20 04:39:47 EDT 2013


On 20 May 2013 09:19, "Frank Millman" <frank at chagford.com> wrote:
> Quoting from the manual -
>
> "Safely evaluate an expression node or a string containing a Python
> expression. The string or node provided may only consist of the following
> Python literal structures: strings, bytes, numbers, tuples, lists, dicts,
> sets, booleans, and None."
>
> The operative word is 'safely'. I don't know the details, but it prevents
> the kinds of exploits that can be carried out by malicious code using
> eval().

Literals are only a subset of expressions. The documentation is a bit
misleading by stating it accepts a "Python expression".

This individual is rightfully confused.
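
Added example (not part of the original message): a small checker that shows the distinction discussed above, that many valid Python expressions are not literals and are rejected by ast.literal_eval, while eval() executes them. The names classify, eval_runs_call, probe, LITERAL_NODES and SAMPLES are hypothetical, and the sample strings are constructed.

```python
import ast

# Node kinds literal_eval tolerates. Assumption: this set is an approximation
# used only for reporting; the verdict itself comes from ast.literal_eval.
LITERAL_NODES = {
    "Expression", "Constant", "Num", "Str", "Bytes", "NameConstant",
    "Tuple", "List", "Set", "Dict", "UnaryOp", "UAdd", "USub",
    "BinOp", "Add", "Sub", "Load",
}


def classify(source):
    """Return (verdict, detail) for a string someone wants to evaluate."""
    try:
        tree = ast.parse(source, mode="eval")
    except SyntaxError:
        return ("not an expression", None)
    try:
        return ("literal", ast.literal_eval(tree))
    except (ValueError, TypeError):
        # Valid expression, but not a literal: name the first offending node.
        for node in ast.walk(tree):
            kind = type(node).__name__
            if kind not in LITERAL_NODES:
                return ("expression, not a literal", kind)
        return ("expression, not a literal", type(tree.body).__name__)


def eval_runs_call(source):
    """Show that eval() executes a call that literal_eval refuses."""
    hits = []

    def probe():  # harmless stand-in for arbitrary code
        hits.append("ran")
        return 0

    eval(source, {"probe": probe})
    return bool(hits)


# Constructed sample inputs.
SAMPLES = ["{'a': [1, 2.5, None]}", "-5", "x", "len('abc')",
           "[1, probe()]", "[i for i in range(3)]", "import os"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:28} -> {classify(s)}")
    print("eval executed probe():", eval_runs_call("probe()"))
```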