[New-bugs-announce] [issue22525] ast.literal_eval() doesn't do what the documentation says

Behdad Esfahbod report at bugs.python.org
Tue Sep 30 16:57:19 CEST 2014

New submission from Behdad Esfahbod:

The documentation says:

Safely evaluate an expression node or a string containing a Python expression. The string or node provided may only consist of the following Python literal structures: strings, bytes, numbers, tuples, lists, dicts, sets, booleans, and None.

This can be used for safely evaluating strings containing Python expressions from untrusted sources without the need to parse the values oneself.

This makes me to believe that this is a useful replacement for eval() that is safe.  However, it fails to make it clear that it parses **one literal**, NOT an expression.  Ie. it can't handle "2*2".  Weirdly enough, at least with my Python 3.2.3, it does handle "2+2" with no problem.

This seriously limits the usefulness of this function.  Is there really no equivalent that parses simple expressions of literals?

messages: 227941
nosy: Behdad.Esfahbod
priority: normal
severity: normal
status: open
title: ast.literal_eval() doesn't do what the documentation says

Python tracker <report at bugs.python.org>

More information about the New-bugs-announce mailing list