Simple and safe evaluator
bob at mellowood.ca
Thu Jun 12 21:31:35 CEST 2008
George Sakkis wrote:
> You probably missed the point in the posted examples. A malicious user
> doesn't need to modify your program code to have access to far more
> than you would hope, just devise an appropriate string s and pass it
> to your "safe" eval.
Oppps, I did miss the point. I was assuming that the modifying stuff was
being done before the call to the eval(). I was wrong.
I'll have to get the ast based code incorporated into my code and just
use it. Darn, but it seems that each and every time one sees a simple
solution to a simple problem ... :)
More information about the Python-list