Aahz <aahz at pythoncraft.com> wrote: ... > >>>> object.__subclasses__() ... > One thing my company has done is written a ``safe_eval()`` that uses a > regex to disable double-underscore access. will the regex catch getattr(object, 'subclasses'.join(['_'*2]*2)...?-) Alex