[Python-ideas] Any chance on (slowly) deprecating `eval` and `exec` as builtins?

[Soni L.]

On 2017-11-07 08:29 AM, אלעזר wrote:
> Hi,
>
> The dangers of eval and exec are obvious and well known to advanced 
> users, but the availability as built-in functions makes it too 
> tempting for beginners or even medium-level programmers. You can see 
> questions about these function pretty often in stackoverflow (roughly 
> once a day 
> <https://stackoverflow.com/search?tab=newest&q=eval%20python>, though 
> sometimes the uses are legitimate).
>
> Maybe we could start a ten-year process of deprecating the use of 
> `builtins.eval` (in the docs, and then with warnings)? `builtins.eval` 
> will be a wrapper to the real evaluation function, moved to 
> `unsafe.eval` or something obvious like that, so all you need to do to 
> port your code is to add `from unsafe import unsafe_eval as eval, 
> unsafe_exec as exec` at the top of the file; it will be a nice warning 
> to the reader.
>
> The fact that it is a wrapper will slightly slow it down and make the 
> stack traces noisier - both are good things, IMO.
>
> Also, it is unfortunate that `ast.literal_eval` is less accessible 
> than `builtins.eval`. Giving it an alias in builtins might make it 
> easier for programmers (and less scary - "ast" might sound like I need 
> a PhD to use it).
>
> What do you think?

Please don't!

exec("def one(x):\n [r] = x\n return r")  # who says python doesn't have 
one-liners?

(ofc, some would argue you should use:

one = (lambda x: (lambda y: y)(*x))

but I digress)

>
> Elazar
>
>
>
>
> _______________________________________________
> Python-ideas mailing list
> Python-ideas at python.org
> https://mail.python.org/mailman/listinfo/python-ideas
> Code of Conduct: http://python.org/psf/codeofconduct/

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-ideas/attachments/20171107/1dc8cbe9/attachment.html>