Safe eval of insecure strings containing Python data structures?

Aaron "Castironpi" Brady castironpi at gmail.com
Thu Oct 9 20:53:49 CEST 2008


On Oct 9, 1:44 pm, Jason Scheirer <jason.schei... at gmail.com> wrote:
> On Oct 9, 9:01 am, Paul Rubin <http://phr...@NOSPAM.invalid> wrote:
>
> > Lie Ryan <lie.1... at gmail.com> writes:
> > > in python 2.6, ast.literal_eval may be used to replace eval() for
> > > literals.
>
> > What happens on literal_eval('[1]*999999999') ?
>
> The documentation clearly states that it will fail to evaluate and
> raise a ValueError because there is an operation in the statement. 5*5
> is NOT the literal 25, it is the equivalent to operator.mul(5, 5), and
> the same is true to []*x

Kudos to author on creating this function!



More information about the Python-list mailing list