On Tue, Nov 07, 2017 at 01:53:00PM -0800, Guido van Rossum wrote:
> On Tue, Nov 7, 2017 at 2:29 AM, אלעזר email@example.com wrote:
> > The dangers of eval and exec are obvious and well known to advanced users, but the availability as built-in functions makes it too tempting for beginners or even medium-level programmers.
> I find it dubious to claim that these functions are dangerous to beginners.
I don't think it's so much that eval/exec are in themselves dangerous to beginners as that their easy availability as builtins encourages bad habits that can last long after the programmer is no longer a beginner.
Sometimes they're written by beginners whose code isn't being reviewed carefully enough, and sometimes they're written by experienced coders who have simply learned bad habits and haven't learned better.
I don't want to scare people away from using eval/exec, but it would be great if we could gently encourage them to think before using them, and to prefer literal_eval instead.
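An added illustration of the `literal_eval` suggestion above (not part of the original message or thread): a small wrapper around `ast.literal_eval` that accepts only plain literals, next to a check that `eval` runs a call embedded in the same kind of input. The names `parse_literal`, `MAX_LEN` and `demo_difference` and all sample strings are constructed for this example.

```python
import ast

# Assumed cap for this example: literal_eval does not execute code, but very
# large or deeply nested input can still exhaust memory or the parser stack.
MAX_LEN = 10_000


def parse_literal(text, max_len=MAX_LEN):
    """Return the Python literal written in `text`, or raise ValueError.

    Only literals are accepted (numbers, strings, bytes, tuples, lists,
    dicts, sets, booleans, None). Names, calls, attribute access and
    general operators are rejected without being evaluated.
    """
    if len(text) > max_len:
        raise ValueError("input too long")
    try:
        return ast.literal_eval(text.strip())
    except (ValueError, SyntaxError, TypeError,
            MemoryError, RecursionError) as exc:
        raise ValueError(f"not a plain literal: {exc!r}") from None


def demo_difference():
    """Feed the same constructed input to eval and to parse_literal."""
    calls = []
    expr = "record('ran')"                   # constructed input holding a call
    eval(expr, {"record": calls.append})     # eval executes the call
    try:
        parse_literal(expr)
        accepted = True
    except ValueError:
        accepted = False                     # literal_eval refuses it
    return calls, accepted


if __name__ == "__main__":
    # Constructed sample inputs, e.g. values read from a config file.
    for sample in ["[1, 2, 3]",
                   "{'debug': True, 'ports': (80, 443)}",
                   "__import__('os').getcwd()",
                   "2 ** 8"]:
        try:
            print(f"{sample!r:45} -> {parse_literal(sample)!r}")
        except ValueError as exc:
            print(f"{sample!r:45} -> rejected ({exc})")
    print(demo_difference())
```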