[Python-3000] Addition to PEP 3101
Guido van Rossum
guido at python.org
Tue May 1 20:25:52 CEST 2007
On 5/1/07, Jim Jewett <jimjjewett at gmail.com> wrote:
> On 5/1/07, Guido van Rossum <guido at python.org> wrote:
> > On 5/1/07, Jim Jewett <jimjjewett at gmail.com> wrote:
>
> > > Note that while (literal strings used as) format strings are
> > > effectively sandboxed, the formatted objects themselves are not.
>
> > > "My name is {0[name]}".format(evil_map)
>
> > > would still allow evil_map to run arbitrary code.
>
> > And how on earth would that be a security threat?
>
> There are some things you can safely do with even arbitrary objects --
> such as appending them to a list.
>
> By mentioning security as a reason to restrict the format, it suggests
> that this is another safe context. It isn't.
But your presumption that the map is already evil makes it irrelevant
whether the format is safe or not. Having the evil map is the problem,
not passing it to the format operation.
--
--Guido van Rossum (home page: http://www.python.org/~guido/)
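The point Jim raises above, as an added example that is not part of the thread: str.format() calls hooks on the argument object, so an untrusted object runs its own code during formatting, whereas appending the same object to a list does not. The Probe class and helper names are constructed for this illustration.

```python
# Added example (not from the original thread): which hooks on a formatted
# object str.format() actually invokes. Probe and the helpers are constructed.

class Probe:
    """Records every hook that str.format() calls on the object."""

    def __init__(self):
        self.calls = []

    def __getitem__(self, key):
        # Fired by a field such as "{0[name]}" (key is a str) or "{0[0]}" (int).
        self.calls.append(("__getitem__", key))
        return "probe"

    def __getattr__(self, name):
        # Fired by a field such as "{0.attr}"; only runs for attributes
        # that do not exist, so 'calls' itself never comes through here.
        self.calls.append(("__getattr__", name))
        return "probe"

    def __format__(self, spec):
        # Fired when the object itself is the field value: "{0}" or "{0:>10}".
        self.calls.append(("__format__", spec))
        return "probe"


def hooks_run_by_format(fmt):
    """Return the hook calls that formatting `fmt` with a fresh Probe triggers."""
    p = Probe()
    fmt.format(p)
    return p.calls


def hooks_run_by_append(container):
    """Contrast case from the thread: appending the object runs none of its code."""
    p = Probe()
    container.append(p)
    return p.calls


if __name__ == "__main__":
    for fmt in ("My name is {0[name]}", "{0[0]}", "{0.attr}", "{0}", "{0:>10}"):
        print(repr(fmt), "->", hooks_run_by_format(fmt))
    print("list.append ->", hooks_run_by_append([]))
```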