use strings to call functions
steven at REMOVE.THIS.cybersource.com.au
Tue Feb 9 02:51:01 CET 2010
On Mon, 08 Feb 2010 14:43:46 -0800, Aahz wrote:
>>> WARNING: eval() is almost always the wrong answer to any question
>>warning : it works !
> Works for what?
Code injection security bugs, of course.
It is surprisingly difficult to sanitize strings in Python to make them
safe to pass to eval. Unless you are prepared to trust the input data
explicitly, it's best to just avoid eval.
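
An added example, not part of the original post: one way to call functions named in a string without eval, by parsing the string with `ast` and dispatching through an allowlist. The functions `add` and `greet`, the `ALLOWED` table and `call_by_string` are hypothetical names chosen for illustration.

```python
import ast

# Hypothetical functions a caller may invoke by name (assumptions for this example).
def add(a, b):
    return a + b

def greet(name, punctuation="!"):
    return "Hello, " + name + punctuation

ALLOWED = {"add": add, "greet": greet}


def call_by_string(text):
    """Run a call such as 'add(1, 2)' without eval().

    The string is only parsed, never executed: the function name must be a
    key of ALLOWED and every argument must be a plain Python literal.
    """
    try:
        tree = ast.parse(text.strip(), mode="eval")
    except (SyntaxError, ValueError) as exc:
        raise ValueError("not a valid expression") from exc
    call = tree.body
    # Only the shape name(args) is accepted; attribute access such as
    # obj.method(...) or a bare expression is rejected here.
    if not isinstance(call, ast.Call) or not isinstance(call.func, ast.Name):
        raise ValueError("expected a call of the form name(args)")
    func = ALLOWED.get(call.func.id)
    if func is None:
        raise ValueError("function %r is not allowed" % call.func.id)
    try:
        # literal_eval accepts only literals (numbers, strings, tuples, lists,
        # dicts, sets, booleans, None); names, attribute access and nested
        # calls raise ValueError.
        args = [ast.literal_eval(a) for a in call.args]
        kwargs = {}
        for kw in call.keywords:
            if kw.arg is None:
                raise ValueError("** unpacking is not allowed")
            kwargs[kw.arg] = ast.literal_eval(kw.value)
    except (ValueError, TypeError, SyntaxError) as exc:
        raise ValueError("arguments must be literals") from exc
    return func(*args, **kwargs)
```
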