[Python-ideas] Less tight validation in namedtuple input validation, and usefulness of issue 21832.
Antony Lee
antony.lee at berkeley.edu
Tue Dec 16 04:47:31 CET 2014
While namedtuples have a good reason to not support field names starting
with an underscore (namely, to prevent name collision), it would be nice to
still be able to define some sort of "private" attribute using (manual)
double-underscore name mangling, i.e. allow "namedtuple('Foo', 'bar baz
_Foo__qux')". It used to be possible to bypass the validation by passing a
carefully crafted subclass of str to the factory function, but this is no
longer an option after the fix for issue 21832 (which, by the way, seems a
complete overkill - there are a lot of other casts-to-str in the stdlib
which do not check that the result is exactly of type str (e.g.,
ConfigParser.read_dict), and if I want to execute untrusted code by passing
a subclass of str I can always put that code in the __str__ method of the
class anyways).
Antony
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-ideas/attachments/20141215/e51d07a1/attachment.html>
More information about the Python-ideas
mailing list