[issue22525] ast.literal_eval() doesn't do what the documentation says

Behdad Esfahbod report at bugs.python.org
Tue Sep 30 19:37:15 CEST 2014


Behdad Esfahbod added the comment:

I think it should be made much more clear that this is not a blanket "safe eval() replacement".

Re complex literals, note that Python 2.7.x only implemented the binary plus operator if the second argument was complex.  This seems to have been relaxed in Python 3.

Regarding DoS attacks with a safe eval(), I understand the concern, but that's still a huge improvement over the security risks of eval().

----------

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue22525>
_______________________________________
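
An added example, not part of the original message or of CPython: one way to bound the resource-exhaustion exposure mentioned above before handing untrusted text to ast.literal_eval(), and to reject accepted-but-unexpected types such as the complex literal `1+2j`. The names `parse_untrusted_literal` and `bracket_depth` and both limits are assumptions chosen for illustration.

```python
import ast

MAX_CHARS = 4096  # assumed size limit, tune per application
MAX_DEPTH = 20    # assumed nesting limit, tune per application


def bracket_depth(text):
    """Deepest nesting of (), [] and {} in text.

    Brackets inside string literals are counted too, so the result can
    only over-estimate the real nesting, which is the safe direction.
    """
    depth = deepest = 0
    for ch in text:
        if ch in "([{":
            depth += 1
            deepest = max(deepest, depth)
        elif ch in ")]}":
            depth = max(depth - 1, 0)
    return deepest


def parse_untrusted_literal(text, expect=None):
    """Parse one Python literal from untrusted text, with resource bounds.

    Raises ValueError for anything rejected; returns the parsed value.
    """
    if not isinstance(text, str):
        raise ValueError("expected str")  # literal_eval also accepts AST nodes
    if len(text) > MAX_CHARS:
        raise ValueError("input too long")
    if bracket_depth(text) > MAX_DEPTH:
        raise ValueError("input nested too deeply")
    try:
        value = ast.literal_eval(text)
    except (ValueError, SyntaxError, TypeError, MemoryError, RecursionError) as exc:
        raise ValueError("rejected: " + type(exc).__name__) from None
    if expect is not None and not isinstance(value, expect):
        raise ValueError("unexpected type: " + type(value).__name__)
    return value


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ["{'a': [1, 2.5, None]}", "1+2j", "__import__('os')", "[" * 50 + "]" * 50]:
        try:
            print(repr(sample[:24]), "->", repr(parse_untrusted_literal(sample)))
        except ValueError as err:
            print(repr(sample[:24]), "-> rejected:", err)
```

The size and depth checks run before any parsing, so oversized or deeply nested input never reaches the compiler; the `expect` argument lets a caller that wants, say, a dict refuse a value that literal_eval() itself would accept.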

