[pypy-commit] pypy default: don't use eval on user input

[cfbolz]

Author: Carl Friedrich Bolz <cfbolz at gmx.de>
Branch: 
Changeset: r85552:7f5d1ceedd1d
Date: 2016-07-05 08:29 +0200
http://bitbucket.org/pypy/pypy/changeset/7f5d1ceedd1d/

Log:	don't use eval on user input

diff --git a/dotviewer/graphparse.py b/dotviewer/graphparse.py
--- a/dotviewer/graphparse.py
+++ b/dotviewer/graphparse.py
@@ -85,10 +85,11 @@
     pass
 
 def splitline(line, re_word = re.compile(r'[^\s"]\S*|["]["]|["].*?[^\\]["]')):
+    import ast
     result = []
     for word in re_word.findall(line):
         if word.startswith('"'):
-            word = eval(word)
+            word = ast.literal_eval(word)
         result.append(word)
     return result