[Python-Dev] PEP 216 (string interpolation) alternative EvalDict
Paul Prescod
paul@prescod.net
Mon, 14 Jan 2002 18:40:20 -0800
Steven Majewski wrote:
>
>...
>
> But Jason just said that function calls are not allowed.
> ( We -- actually, he listed what was allowed, and function calls
> were definitely not among them. )
I misread Jason's list at first myself. Jason was describing the
*output* of the transformation. He said that the output of the
transformation would be no more and no less than directly typed code with
a) whatever code the programmer explicitly typed in the $-string;
b) str() or unicode(); and
"$" has the power to eval, but only to eval a literal. As
described here (a string prefix rather than an operator
c) the + operator applied to strings.
"a)" embodies a whole host of things listed in the PEP:
"A Python identifier optionally followed by any number of
trailers, where a trailer consists of:
- a dot and an identifier,
- an expression enclosed in square brackets, or
- an argument list enclosed in parentheses
(This is exactly the pattern expressed in the Python grammar
by "NAME trailer*", using the definitions in Grammar/Grammar.)"
The PEP also has examples:
>>> print $'References to $a: $sys.getrefcount(a)'
References to 5: 15
> PEP 215's examples don't agree with the limitations in its
> security section,
To summarize the security section, it says: *All of the text that is
ever processed by this mechanism is textually present in the Python
program at compile time*. In other words, users of the program can never
submit information and have it be evaluated by this mechanism.
Paul Prescod
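
The transformation discussed in the message above, as an added example that is not part of the original post or of the PEP's own code. The names transform, _trailers and demo are hypothetical, and the sketch covers only the "NAME trailer*" form quoted above; it shows that the output is ordinary source built from the typed expression, str() and +, and that interpolated values are never re-scanned.

```python
import re

NAME = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")
CLOSER = {"(": ")", "[": "]"}

def _trailers(text, i):
    """Return the index just past the 'trailer*' part that starts at i."""
    while i < len(text):
        dotted = NAME.match(text, i + 1) if text[i] == "." else None
        if dotted:
            i = dotted.end()
        elif text[i] in CLOSER:
            stack = [CLOSER[text[i]]]
            i += 1
            while stack:  # simplification: quotes inside brackets are not tracked
                if i >= len(text):
                    raise ValueError("unbalanced bracket in $-string")
                if text[i] in CLOSER:
                    stack.append(CLOSER[text[i]])
                elif text[i] == stack[-1]:
                    stack.pop()
                elif text[i] in ")]":
                    raise ValueError("mismatched bracket in $-string")
                i += 1
        else:
            break
    return i

def transform(literal):
    """Rewrite a $-string body into source made of literals, str() and +."""
    parts, pos = [], 0
    while (dollar := literal.find("$", pos)) != -1:
        name = NAME.match(literal, dollar + 1)
        if not name:  # assumption of this sketch: a bare '$' is an error
            raise ValueError("'$' must be followed by an identifier")
        end = _trailers(literal, name.end())
        if dollar > pos:
            parts.append(repr(literal[pos:dollar]))
        parts.append("str(" + literal[dollar + 1:end] + ")")
        pos = end
    if pos < len(literal) or not parts:
        parts.append(repr(literal[pos:]))
    return " + ".join(parts)

def demo():
    # eval() stands in for the compiler; the template is a literal in this file.
    code = transform("References to $a: $len(a)")
    # The value bound to a is data: str() returns it without re-scanning it.
    return eval(code, {"a": "$sys.exit()"})
```

The guarantee summarized in the message holds only while the argument to transform is a literal in the program text; passing it a string received at run time would turn the same step into eval of user input.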