Evaluation of variable as f-string
Rob Cliffe
rob.cliffe at btinternet.com
Wed Jan 25 15:04:56 EST 2023
On 23/01/2023 18:02, Chris Angelico wrote:
> On Tue, 24 Jan 2023 at 04:56, Johannes Bauer <dfnsonfsduifb at gmx.de> wrote:
>> Hi there,
>>
>> is there an easy way to evaluate a string stored in a variable as if it
>> were an f-string at runtime?
>>
>> ...
>>
>> This is supposedly for security reasons. However, when trying to emulate
>> this behavior that I wanted (and know the security implications of), my
>> solutions will tend to be less secure. Here is what I have been thinking
>> about:
> If you really want the full power of an f-string, then you're asking
> for the full power of eval(), and that means all the security
> implications thereof, not to mention the difficulties of namespacing.
> Have you considered using the vanilla format() method instead?
>
> But if you really REALLY know what you're doing, just use eval()
> directly. I don't really see what you'd gain from an f-string. At very
> least, work with a well-defined namespace and eval whatever you need
> in that context.
>
> Maybe, rather than asking for a way to treat a string as code, ask for
> what you ACTUALLY need, and we can help?
>
> ChrisA
Fair enough, Chris, but still ISTM that it is reasonable to ask (perhaps
for a different use-case) whether there is a way of evaluating a string
at runtime as if it were an f-string. We encourage people to ask
questions on this list, even though the answer will not always be what
they're hoping for.
I appreciate that the answer may be "No, because it would be a lot of
work - and increase the maintenance burden - to support a relatively
rare requirement".
Perhaps someone will be inspired to write a function to do it. 😎
Best wishes
Rob Cliffe
More information about the Python-list
mailing list