Safe eval of insecure strings containing Python data structures?
Terry Reedy
tjreedy at udel.edu
Thu Oct 9 16:49:14 EDT 2008
Paul Rubin wrote:
> Lie Ryan <lie.1296 at gmail.com> writes:
>> in python 2.6, ast.literal_eval may be used to replace eval() for
>> literals.
>
> What happens on literal_eval('[1]*999999999') ?
Easy to try. Since it is not a literal or display,
ValueError: malformed string, just as with set({1,2,3])
>>> [1]*999999999 # or
>>> eval('[1]*999999999') # give a quick MemoryError
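
Added example, not part of the original message: a small wrapper showing that `ast.literal_eval` rejects the expression from the thread without evaluating it, while still accepting plain literals and displays. The function name `parse_untrusted`, the `MAX_LEN` cap and the sample strings are assumptions made for this illustration.

```python
import ast

MAX_LEN = 10_000  # assumed cap on untrusted input size; not from the thread


def parse_untrusted(text, max_len=MAX_LEN):
    """Parse a string that should contain only a Python literal or display.

    Returns (True, value) on success, or (False, reason) when the input is
    too long or is not a pure literal. Nothing in the string is executed.
    """
    if len(text) > max_len:
        # Bound the work the parser does before it ever sees the input.
        return False, "input too long"
    try:
        return True, ast.literal_eval(text)
    except (ValueError, SyntaxError, TypeError,
            MemoryError, RecursionError) as exc:
        # ValueError: a node that is not a literal (operators, calls, names).
        # The others cover malformed or pathologically nested input.
        return False, type(exc).__name__


# Constructed sample inputs.
SAMPLES = [
    "[1, 2, {'a': (3.5, None)}]",  # literals and displays: accepted
    "[1]*999999999",               # expression from the thread: rejected
    "__import__('os').getcwd()",   # function call: rejected, never run
    "1 + 2j",                      # complex literal form: accepted
]


def run_samples():
    """Return the (ok, result) pair for each constructed sample."""
    return [parse_untrusted(s) for s in SAMPLES]


if __name__ == "__main__":
    for sample, outcome in zip(SAMPLES, run_samples()):
        print(f"{sample!r:32} -> {outcome}")
```
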