So, if an application accepts user-supplied input (such as a JSON payload), is that data marked as non-executable?<div><br></div><div><br>On Monday, September 3, 2018, Greg Ewing <<a href="mailto:greg.ewing@canterbury.ac.nz">greg.ewing@canterbury.ac.nz</a>> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Jonathan Fine wrote:<br>
<br>
     # Evil code!<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
    ask_delete.__code__, ask_save.__code__ = ask_save.__code__,<br>
ask_delete.__code__<br>
</blockquote>
<br>
If an attacker can trick you into executing that line of code,<br>
he can probably just delete your data directly.<br>
<br>
-- soon<br>
Greg<br>
______________________________<wbr>_________________<br>
Python-ideas mailing list<br>
<a href="mailto:Python-ideas@python.org" target="_blank">Python-ideas@python.org</a><br>
<a href="https://mail.python.org/mailman/listinfo/python-ideas" target="_blank">https://mail.python.org/mailma<wbr>n/listinfo/python-ideas</a><br>
Code of Conduct: <a href="http://python.org/psf/codeofconduct/" target="_blank">http://python.org/psf/codeofco<wbr>nduct/</a><br>
</blockquote></div>