[Python-Dev] PEP 292, Simpler String Substitutions

Fredrik Lundh fredrik@pythonware.com
Thu, 20 Jun 2002 14:37:18 +0200

barry wrote:
> I've added a note that you should never use no-arg .sub() on strings
> that come from untrusted sources.

if adding a note to the specification really helped, my servers'
logs wouldn't be full of findmail.pl requests, and our mail filters
wouldn't catch quite as many outlook worms ;-)