Sanitizing untrusted code for eval()

Diez B. Roggisch deets at
Mon Aug 22 19:48:38 CEST 2005

> Does anyone know of any other "gotchas" with eval() I have not found?  Or
> is eval() simply too evil?

Yes - and from what I can see on the JSON-Page, it should be _way_ 
easier to simply write a parser your own - that ensures that only you 
decide what python code gets called.


More information about the Python-list mailing list