7 Nov
2017
7 Nov
'17
1:35 p.m.
07.11.17 12:29, אלעזר пише:
Also, it is unfortunate that `ast.literal_eval` is less accessible than `builtins.eval`. Giving it an alias in builtins might make it easier for programmers (and less scary - "ast" might sound like I need a PhD to use it).
ast.literal_eval is not so safe as you think. Malicious input can cause a stack overflow in your program. [1] [1] https://bugs.python.org/issue31113