Convert String to Dictionary question

Fredrik Lundh fredrik at
Sat Feb 16 11:49:05 EST 2002

Jason Orendorff wrote:
> Whereas there are no known security holes in pickle.


it's fairly trivial to construct a pickle string that calls eval
or os.system with arbitrary arguments.


More information about the Python-list mailing list