[Python-ideas] Any chance on (slowly) deprecating `eval` and `exec` as builtins?

אלעזר elazarg at gmail.com
Tue Nov 7 05:29:33 EST 2017


Hi,

The dangers of eval and exec are obvious and well known to advanced users,
but the availability as built-in functions makes it too tempting for
beginners or even medium-level programmers. You can see questions about
these functions pretty often on Stack Overflow (roughly once a day
<https://stackoverflow.com/search?tab=newest&q=eval%20python>, though
sometimes the uses are legitimate).

Maybe we could start a ten-year process of deprecating the use of
`builtins.eval` (in the docs, and then with warnings)? `builtins.eval` will
be a wrapper to the real evaluation function, moved to `unsafe.eval` or
something obvious like that, so all you need to do to port your code is to
add `from unsafe import unsafe_eval as eval, unsafe_exec as exec` at the
top of the file; it will be a nice warning to the reader.

The fact that it is a wrapper will slightly slow it down and make the stack
traces noisier - both are good things, IMO.

Also, it is unfortunate that `ast.literal_eval` is less accessible than
`builtins.eval`. Giving it an alias in builtins might make it easier for
programmers (and less scary - "ast" might sound like I need a PhD to use
it).

What do you think?

Elazar
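
A sketch of the wrapper proposed in the message above, added here as an example and not part of the original post or of CPython. `unsafe_eval` and `deprecated_eval` are hypothetical names (no `unsafe` module exists) and the inputs are constructed; it also shows `ast.literal_eval` rejecting an expression that `eval` would run.

```python
import ast
import builtins
import sys
import warnings

# Hypothetical: the proposal's explicit name for the real evaluator.
unsafe_eval = builtins.eval

def deprecated_eval(source, globals=None, locals=None):
    """Sketch of the proposed builtins.eval wrapper: warn, then delegate."""
    warnings.warn(
        "eval() as a builtin is deprecated; import unsafe_eval explicitly",
        DeprecationWarning,
        stacklevel=2,  # attribute the warning to the caller's line
    )
    if globals is None:
        # The builtin defaults to the caller's namespaces; a wrapper must
        # take them from the caller's frame or name lookups would change.
        frame = sys._getframe(1)
        globals = frame.f_globals
        if locals is None:
            locals = frame.f_locals
    return unsafe_eval(source, globals, locals)

def parse_literal(text):
    """Return (ok, value); ok is False when text is not a pure literal."""
    try:
        return True, ast.literal_eval(text)
    except (ValueError, SyntaxError):
        return False, None

def demo():
    # Constructed inputs: a literal, and an expression that calls a function.
    literal = "{'port': 8080, 'hosts': ['a', 'b']}"
    call_expr = "__import__('os').getpid()"
    threshold = 40  # local name, resolved through the caller's frame
    with warnings.catch_warnings(record=True) as caught:
        warnings.simplefilter("always")
        via_wrapper = deprecated_eval("threshold + 2")
        ran_call = isinstance(deprecated_eval(call_expr), int)
    return {
        "wrapper_result": via_wrapper,
        "warnings": [w.category.__name__ for w in caught],
        "eval_ran_call": ran_call,
        "literal": parse_literal(literal),
        "call_rejected": parse_literal(call_expr) == (False, None),
    }

if __name__ == "__main__":
    print(demo())
```
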