[Python-ideas] Another way to avoid clumsy lambdas, while adding new functionality

Chris Angelico rosuav at gmail.com
Wed Mar 5 22:31:47 CET 2014


On Thu, Mar 6, 2014 at 8:20 AM, David Mertz <mertz at gnosis.cx> wrote:
> The literal hardly saves you from injection attacks.  I could write this too
> under the proposed idea:
>
>   foo = get_string_from_attacker()
>   a = $(foo)
>   b = a.eval()
>
> Now one can say "don't do that!" ... but that advice applies just as well to
> 'compile(unsafe_string, ...)'

That'll just be like doing:

b = foo

So it's still safe. That's the point.

ChrisA
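As an added illustration of the distinction argued above (not code from the thread): Python has no `$(...)` literal, so the proposed form is modelled with a hypothetical `Deferred` wrapper around a closure, and the attacker-controlled string is a constructed sample.

```python
# Added example, not from the original thread. `Deferred` is a hypothetical
# stand-in for the proposed $(expr) literal: it captures an expression as a
# closure, and .eval() runs that closure. The point under discussion is that
# $(foo).eval() yields foo's *value*; only compile()/eval() on the string
# parses attacker text as code.


class Deferred:
    """Hypothetical model of the proposed $(expr) literal."""

    def __init__(self, thunk):
        self._thunk = thunk

    def eval(self):
        return self._thunk()


# Constructed stand-in for get_string_from_attacker(): text that reads as code
# and records a side effect if it is ever executed.
ATTACKER_STRING = "log.append('ran') or 'ran'"


def deferred_variable(foo=ATTACKER_STRING):
    """a = $(foo); b = a.eval() in the proposal.

    Returns (b, log). The closure captures the *value* of foo, so b is just
    the string itself; nothing parses it and the log stays empty.
    """
    log = []
    a = Deferred(lambda: foo)
    b = a.eval()
    return b, log


def eval_string(foo=ATTACKER_STRING):
    """compile(unsafe_string, ...) followed by eval(): the string is code.

    Returns (value, log). Here the attacker text is parsed and executed,
    which the log records.
    """
    log = []
    code = compile(foo, "<attacker>", "eval")
    value = eval(code, {"__builtins__": {}, "log": log})
    return value, log
```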

