Safe eval of insecure strings containing Python data structures?

Jason Scheirer jason.scheirer at gmail.com
Thu Oct 9 14:44:01 EDT 2008


On Oct 9, 9:01 am, Paul Rubin <http://phr...@NOSPAM.invalid> wrote:
> Lie Ryan <lie.1... at gmail.com> writes:
> > In Python 2.6, ast.literal_eval may be used to replace eval() for
> > literals.
>
> What happens on literal_eval('[1]*999999999') ?

The documentation clearly states that it will fail to evaluate and
raise a ValueError because there is an operation in the statement. 5*5
is NOT the literal 25, it is the equivalent of operator.mul(5, 5), and
the same is true of []*x.
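
The behaviour discussed in this thread, as an added example that is not part of the original post: a wrapper that parses untrusted text with ast.literal_eval and rejects anything that is not a plain literal. The names parse_untrusted_literal, UnsafeLiteral and MAX_INPUT_CHARS are hypothetical, the sample inputs are constructed, and Python 3 is assumed.

```python
import ast

MAX_INPUT_CHARS = 10_000  # assumed limit; tune it to the data you expect


class UnsafeLiteral(ValueError):
    """The input is not a plain Python literal (or is too large to parse)."""


def parse_untrusted_literal(text, max_chars=MAX_INPUT_CHARS):
    """Return the value of a literal held in `text` without running code."""
    if not isinstance(text, str):
        raise UnsafeLiteral("input must be a string")
    # literal_eval still builds a complete AST first, so bound the input:
    # very large or deeply nested text can exhaust memory or the stack.
    if len(text) > max_chars:
        raise UnsafeLiteral("input longer than %d characters" % max_chars)
    try:
        return ast.literal_eval(text)
    except (ValueError, SyntaxError, TypeError,
            MemoryError, RecursionError) as exc:
        # ValueError: a non-literal node such as an operator or a call.
        # SyntaxError: not valid Python at all. TypeError: e.g. a list
        # used as a dict key. The last two cover resource exhaustion.
        raise UnsafeLiteral("%s: %s" % (type(exc).__name__, exc)) from None


def classify(samples):
    """Map each sample string to 'ok' or 'rejected'."""
    results = {}
    for sample in samples:
        try:
            parse_untrusted_literal(sample)
            results[sample] = "ok"
        except UnsafeLiteral:
            results[sample] = "rejected"
    return results


# Constructed sample inputs, including the expressions from the thread.
SAMPLES = ["25", "{'a': [1, 2, (3, None)]}", "5*5", "[1]*999999999",
           "abs(-1)", "{[1]: 2}", ""]

if __name__ == "__main__":
    for text, verdict in classify(SAMPLES).items():
        print("%-28r %s" % (text, verdict))
```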


