Sanitizing untrusted code for eval()

Diez B. Roggisch deets at nospam.web.de
Mon Aug 22 19:48:38 CEST 2005


> Does anyone know of any other "gotchas" with eval() I have not found?  Or
> is eval() simply too evil?

Yes - and from what I can see on the JSON page, it should be _way_ 
easier to simply write a parser of your own - that ensures that only you 
decide what Python code gets called.

Diez
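
The approach suggested in the reply above, as an added example that is not part of the original post: a small recursive-descent parser for JSON text that only ever builds dicts, lists, strings, numbers, booleans and None, and never evaluates its input. The names (`parse_json`, `_value`, `_expect`) and the nesting limit of 64 are assumptions made for illustration.

```python
import re

# Added example, hypothetical names. Token = punctuation | literal | number | string body.
_TOKEN = re.compile(r'''[ \t\r\n]*(?:([{}\[\]:,])|(true|false|null)
    |(-?(?:0|[1-9]\d*)(?:\.\d+)?(?:[eE][+-]?\d+)?)
    |"((?:[^"\\\x00-\x1f]|\\["\\/bfnrt]|\\u[0-9a-fA-F]{4})*)")''', re.VERBOSE)
_ESC = re.compile(r'\\(u[0-9a-fA-F]{4}|.)')
_SIMPLE = dict(zip('"\\/bfnrt', '"\\/\b\f\n\r\t'))
_LIT = {'true': True, 'false': False, 'null': None}

def _unescape(m):  # one-character escape or \uXXXX (surrogate pairs are not combined)
    return _SIMPLE.get(m.group(1)) or chr(int(m.group(1)[1:], 16))

def _expect(s, i, allowed):  # next token must be one of the punctuation marks in `allowed`
    m = _TOKEN.match(s, i)
    if not m or (m.group(1) or '?') not in allowed:
        raise ValueError('expected one of %r at offset %d' % (allowed, i))
    return m.group(1), m.end()

def _value(s, i, depth=0):
    m = _TOKEN.match(s, i)
    if not m or depth > 64 or (m.group(1) or '[') not in '{[':  # 64: bound the recursion
        raise ValueError('unexpected input or nesting too deep at offset %d' % i)
    (punct, lit, num, string), i = m.groups(), m.end()
    if lit or num:  # literal, else float when a fraction/exponent is present, else int
        return (_LIT[lit] if lit else float(num) if set(num) & set('.eE') else int(num)), i
    if string is not None:
        return _ESC.sub(_unescape, string), i
    out, close = ({}, '}') if punct == '{' else ([], ']')
    if (m := _TOKEN.match(s, i)) and m.group(1) == close:  # empty container
        return out, m.end()
    while True:
        item, i = _value(s, i, depth + 1)
        if punct == '{':  # item is the key: it must be a string, followed by ':' and a value
            if not isinstance(item, str):
                raise ValueError('object key must be a string before offset %d' % i)
            _, i = _expect(s, i, ':')
            out[item], i = _value(s, i, depth + 1)
        else:
            out.append(item)
        sep, i = _expect(s, i, ',' + close)
        if sep == close:
            return out, i

def parse_json(text):
    value, i = _value(text, 0)
    if text[i:].strip(' \t\r\n'):
        raise ValueError('trailing data at offset %d' % i)
    return value
```

Anything that is not one of the recognised tokens, including a Python expression, raises `ValueError` instead of being executed.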


More information about the Python-list mailing list