[Python-3000] Addition to PEP 3101

Jim Jewett jimjjewett at gmail.com
Tue May 1 20:39:59 CEST 2007


On 5/1/07, Guido van Rossum <guido at python.org> wrote:
> On 5/1/07, Jim Jewett <jimjjewett at gmail.com> wrote:

> > There are some things you can safely do with even arbitrary objects --
> > such as appending them to a list.

> > By mentioning security as a reason to restrict the format, it suggests
> > that this is another safe context.  It isn't.

> But your presumption that the map is already evil makes it irrelevant
> whether the format is safe or not. Having the evil map is the problem,
> not passing it to the format operation.

Using a map was probably misleading.  Let me rephrase:

While the literal string itself is safe, the format function is only
as safe as the objects being formatted.  The example below gets
person.name; if the person object itself is malicious, then even this
attribute access could run arbitrary code.

     "My name is {0.name}".format(person)

-jJ
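A worked illustration of the point above, added here and not part of the original thread (the class and function names `Person`, `PlainFieldFormatter`, `format_plain` and `rejection_reason` are my own, not from PEP 3101): a constructed object whose `name` is a property shows that `"My name is {0.name}".format(person)` runs the object's code during formatting, and a `string.Formatter` subclass beside it refuses attribute and index lookups and only lets plain `str`/`int`/`float`/`bool` values reach `__format__`.

```python
import string


class Person:
    """Constructed demo object: reading `name` runs code the object chose."""

    def __init__(self, name):
        self._name = name
        self.accessed = 0  # counts how often the property body executed

    @property
    def name(self):
        self.accessed += 1  # any code at all could run here
        return self._name


def format_with_attribute_access(person):
    """The format from the thread: resolving {0.name} evaluates Person.name."""
    return "My name is {0.name}".format(person)


class PlainFieldFormatter(string.Formatter):
    """Hardened formatter: bare positional/keyword fields, primitive values only.

    Fields containing '.' or '[' are rejected before any getattr/__getitem__
    runs, and resolved values must be exactly str/int/float/bool (type(), not
    isinstance(), so a subclass overriding __format__ is rejected too).
    Callers extract the values they want to show *before* formatting.
    """

    SAFE_TYPES = (str, int, float, bool)

    def get_field(self, field_name, args, kwargs):
        if "." in field_name or "[" in field_name:
            raise ValueError(f"attribute/index access not allowed: {field_name!r}")
        obj, used_key = super().get_field(field_name, args, kwargs)
        if type(obj) not in self.SAFE_TYPES:
            raise TypeError(f"field {field_name!r} is not a plain value: {type(obj).__name__}")
        return obj, used_key


def format_plain(template, *args, **kwargs):
    """Format with PlainFieldFormatter; raises on unsafe fields or values."""
    return PlainFieldFormatter().format(template, *args, **kwargs)


def rejection_reason(template, *args, **kwargs):
    """Return None if format_plain succeeds, else the rejecting exception's name."""
    try:
        format_plain(template, *args, **kwargs)
    except (ValueError, TypeError) as exc:
        return type(exc).__name__
    return None
```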

