Comments on Version 2, Draft Pep for Deprecating Builtins

Huaiyu Zhu huaiyu at gauss.almadan.ibm.com
Thu May 9 14:30:36 EDT 2002


Gareth McCaughan <Gareth.McCaughan at pobox.com> wrote:
>There was one thing I said that isn't completely redundant,
>which I'll repeat here:
>
>> Eliminating |input| would be a major improvement to the language,
>> *provided* we get something that does what |input| should have
>> done. Unfortunately, what with unary minus and complex numbers
>> and lists and tuples and everything else being handled in the
>> expression eval rather than the parser, this isn't as trivial
>> as one might think.
>> 
>> To expand: we could really do with something that lets the user
>> enter "46" or "0x1234" or "'walrus'" or "-2+6j" or "[1,'a',{3:4}]"
>> and returns the same as |input| does for those, but that doesn't
>> permit "f(123)" or "2**2002" or "[x for x in [1,2,3]]".
>

What about a simpler approach using rexec?  Would it be safer if 
eval(raw_input()) is replaced with the following?

import rexec
r = rexec.RExec()
r.r_eval(raw_input())

I understand that rexec is not completely safe, but it might be better for
preventing accidents, if not to defend against attacks.

I don't see the reason to prevent 2**2002.  But if there is such a reason,
maybe one should tweak r_eval to handle it?

Huaiyu
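
The restricted reader described in the quoted message (accept literals, refuse calls, exponentiation and comprehensions) can be written as an allowlist over the parsed syntax tree. This is an added example, not code from the thread: it uses the `ast` module of current Python 3, which postdates this post, and `parse_literal`, `ACCEPTED`, `REJECTED` and `SCALARS` are names chosen here.

```python
import ast

# Sample inputs taken from the quoted message above.
ACCEPTED = ["46", "0x1234", "'walrus'", "-2+6j", "[1,'a',{3:4}]"]
REJECTED = ["f(123)", "2**2002", "[x for x in [1,2,3]]"]

SCALARS = (int, float, complex, str, bytes, bool, type(None))

def _number(node):
    """Unsigned numeric constant, optionally under a unary + or -."""
    if isinstance(node, ast.UnaryOp) and isinstance(node.op, (ast.UAdd, ast.USub)):
        value = _number(node.operand)
        return -value if isinstance(node.op, ast.USub) else value
    if isinstance(node, ast.Constant) and type(node.value) in (int, float, complex):
        return node.value
    raise ValueError("not a number: " + type(node).__name__)

def _convert(node):
    """Build the value for an allowlisted node; refuse everything else."""
    if isinstance(node, ast.Constant) and type(node.value) in SCALARS:
        return node.value
    if isinstance(node, ast.UnaryOp):
        return _number(node)
    if isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Add, ast.Sub)):
        # Only "real +/- imaginary", so -2+6j is a literal but 2+2 is not.
        left, right = _number(node.left), _number(node.right)
        if not isinstance(left, complex) and isinstance(right, complex):
            return left + right if isinstance(node.op, ast.Add) else left - right
    if isinstance(node, ast.List):
        return [_convert(e) for e in node.elts]
    if isinstance(node, ast.Tuple):
        return tuple(_convert(e) for e in node.elts)
    if isinstance(node, ast.Dict) and None not in node.keys:
        return {_convert(k): _convert(v) for k, v in zip(node.keys, node.values)}
    raise ValueError("disallowed syntax: " + type(node).__name__)

def parse_literal(text, max_len=1000):
    """Return the value of a literal expression or raise ValueError."""
    if len(text) > max_len:
        raise ValueError("input too long")
    try:
        return _convert(ast.parse(text.strip(), mode="eval").body)
    except (SyntaxError, TypeError, RecursionError) as exc:
        raise ValueError("not a literal: %s" % exc) from exc
```

The standard library's `ast.literal_eval` accepts the same class of input; the version above spells out the allowlist so each refused node type is visible.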


