[Python-3000] Proposed changes to PEP3101 advanced string formatting -- please discuss and vote!
Nick Coghlan
ncoghlan at gmail.com
Wed Mar 14 15:43:58 CET 2007
Eric V. Smith wrote:
> Nick Coghlan wrote:
>>> Feature: Exception raised if attribute with leading underscore accessed.
>>>
>>> The syntax supported by the PEP is deliberately limited in an attempt
>>> to increase security. This is an additional security measure, which
>>> is on by default, but can be optionally disabled if
>>> string.flag_format() is used instead of 'somestring'.format().
>> -0
>>
>> This is only an issue if implicit access to locals()/globals() is
>> permitted, and is unlikely to help much in that case (underscores are
>> rarely used with local variables, and those are the most likely to
>> contain juicy information which may be leaked)
>
> That's not true. What this feature is trying to prevent is access to
> attributes of the passed in objects.
Ah, I misread it. Change that vote to a +1 then.
Cheers,
Nick.
--
Nick Coghlan | ncoghlan at gmail.com | Brisbane, Australia
---------------------------------------------------------------
http://www.boredomandlaziness.org
More information about the Python-3000
mailing list