[Python-Dev] Improved evaluator added to ast module
Georg Brandl
g.brandl at gmx.net
Thu Oct 11 20:26:53 CEST 2012
Am 11.10.2012 20:13, schrieb Serhiy Storchaka:
> On 11.10.12 19:06, Vinay Sajip wrote:
>> Function calls are not allowed in expressions, but the following are:
>
> Are properties allowed?
Yes, since attribute access also means properties.
This doesn't have to be a problem, since the objects on which you can
access properties are not controlled by the user.
I'm not sure if you can get at "dangerous" objects, such as sys.modules,
via attribute and item access chains if the accessible objects are
of built-in types, but the case is very difficult to decide in practice
for objects of user-supplied classes.
Georg
More information about the Python-Dev
mailing list