[Python-Dev] PEP 292, Simpler String Substitutions

[Fredrik Lundh]

David wrote:

> Ooh, magic and secrets! Maybe a little too magical for me to =
understand
> easily. Is the stuff between ${...} allowed to be any valid =
expression?

not according to the PEP, but nothing stops you from using
a magic dictionary:

class magic_dict:
    def __getitem__(self, value):
        return str(eval(value))

d =3D magic_dict()

print "%(__import__('os').system('echo hello'))s" % d
print replacevars("${__import__('os').system('echo hello')}", d)

# for extra fun, replace 'echo hello' with 'rm -rf ~')

</F>