[Python-Dev] PEP_215_ (string interpolation) alternative EvalDict
Jason Orendorff
jason@jorendorff.com
Tue, 15 Jan 2002 20:53:08 -0600
> But your example suggests to me:
>
> >>> input('?: ')
> ?: $'$os.system("rm -rm *" )'
>
> I guess you need to special case that out of the compiler also.
> ( Are there any others lurking about ? )
The user could just as well type
?: os.system("rm -rf *")
and save some keystrokes.
input() is totally insecure. Always has been. Nothing new here.
## Jason Orendorff http://www.jorendorff.com/