eval(source, {'builtins': {}}) archived as Faq
Erik Max Francis
max at alcyone.com
Fri Sep 29 03:50:01 EDT 2006
Duncan Booth wrote:
> I'm slightly surprised that nobody has yet pointed out that the OP failed
> at the very first hurdle here. If you are going to do this dangerous trick
> then 'builtins' should be spelled '__builtins__':
I did, because otherwise the exploit I gave wouldn't have worked so easily.
The bottom line here is that you shouldn't even try to go through the
exercise of seeing if you can bullet-proof a solution using eval;
instead, you shouldn't even try.
--
Erik Max Francis && max at alcyone.com && http://www.alcyone.com/max/
San Jose, CA, USA && 37 20 N 121 53 W && AIM, Y!M erikmaxfrancis
Everyone wants to look good at his own funeral.
-- Louis Wu
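An added example, not part of the original post or thread: it shows why the spelling Duncan Booth points out matters (with the key `'builtins'`, `eval` inserts the real `__builtins__` into the globals dict itself), and, since the correctly spelled key is still not a sandbox as the reply says, it ends with a non-`eval` alternative. The helper names `probe` and `parse_literal` are hypothetical, and the use of `ast.literal_eval` assumes the input only needs to be a Python literal.

```python
import ast


def probe(globals_dict):
    """Evaluate a harmless builtin call and report what eval() did.

    Returns (builtin_call_worked, key_injected_by_eval).
    """
    had_key = "__builtins__" in globals_dict
    try:
        eval("len('abc')", globals_dict)
        worked = True
    except NameError:
        # Raised only when name lookup of builtins is really cut off.
        worked = False
    # eval() adds '__builtins__' to any globals dict that lacks that exact key.
    injected = not had_key and "__builtins__" in globals_dict
    return worked, injected


def parse_literal(source):
    """Accept only Python literals; reject anything that needs evaluation."""
    try:
        return ast.literal_eval(source)
    except (ValueError, SyntaxError) as exc:
        raise ValueError("not a plain literal: %r" % source) from exc


if __name__ == "__main__":
    # Misspelled key from the subject line: builtins remain fully available.
    print(probe({"builtins": {}}))        # (True, True)
    # Correct spelling: name lookup of builtins fails, nothing is injected.
    print(probe({"__builtins__": {}}))    # (False, False)
    # Constructed sample input: data is parsed, calls are refused.
    print(parse_literal("{'port': 8080, 'hosts': ['a', 'b']}"))
    try:
        parse_literal("len('abc')")
    except ValueError as err:
        print("rejected:", err)
```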