Interpreting \ escape sequences in strings
Peter Otten
__peter__ at web.de
Mon Mar 15 02:45:56 EST 2004
Peter Otten wrote:
> Paul Watson wrote:
>
>> However, I am in a Python 2.1 environment. Do you know of any techniques
>> that would work under Python 2.1?
>
> eval('"' + s + '"')
I should have warned you that this is a security hole, as it allows the user
to execute arbitrary code. E.g.:
<args.py>
import sys

def somefunc():
    print "somefunc called"
    return ""

def unescape(s):
    # eval() evaluates the whole expression, not only the string literal
    return eval('"' + s + '"')

print unescape(sys.argv[1])
</args.py>
$ python args.py '"+somefunc()+"'
somefunc called
Peter
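
An eval-free way to interpret the escapes, as an added example that is not part of the original post. It is written for current Python 3 rather than the thread's Python 2.1, and `safe_unescape`, `CALLS` and the sample strings are constructed for illustration.

```python
import re

# One-character escapes accepted in Python string literals.
_SIMPLE = {"n": "\n", "t": "\t", "r": "\r", "a": "\a", "b": "\b",
           "f": "\f", "v": "\v", "\\": "\\", "'": "'", '"': '"'}

# A backslash followed by \xHH, one to three octal digits, or any one character.
_ESCAPE = re.compile(r"\\(x[0-9a-fA-F]{2}|[0-7]{1,3}|.)", re.DOTALL)


def _replace(match):
    body = match.group(1)
    if body[0] == "x" and len(body) == 3:
        return chr(int(body[1:], 16))        # \xHH
    if body[0] in "01234567":
        return chr(int(body, 8))             # \ooo
    # Unknown escapes are left untouched, as Python literals do.
    return _SIMPLE.get(body, match.group(0))


def safe_unescape(s):
    """Interpret backslash escapes in s; s is treated as data and never evaluated."""
    return _ESCAPE.sub(_replace, s)


CALLS = []                                   # records any call to somefunc()


def somefunc():
    CALLS.append("somefunc called")
    return ""


if __name__ == "__main__":
    # Constructed inputs: an ordinary escaped string and the argument from the post.
    for arg in (r"col1\tcol2\n", '"+somefunc()+"'):
        print(repr(safe_unescape(arg)))
    print("somefunc calls:", CALLS)
```

The quote characters in the second argument stay ordinary characters, so nothing is ever parsed as an expression.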