safe eval of moderately simple math expressions

Joel Hedlund yohell at
Sat Apr 11 10:30:07 CEST 2009

Matt Nordhoff wrote:
> >>> '\x5f'
> '_'
> >>> getattr(42, '\x5f\x5fclass\x5f\x5f') # __class__
> <type 'int'>
> Is that enough to show you the error of your ways?

No, because

 >>> print '_' in '\x5f\x5fclass\x5f\x5f'

> :-D Cuz seriously, it's a bad idea.

Yes probably, but that's not why. :-)

> (BTW: What if a user tries to do some ridiculously large calculation to
> DoS the app? Is that a problem?)

Nope. If the user wants to hang her own app that's fine with me.
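
An added illustration in Python 3, not code from either poster: the escaped expression from the quoted reply is run through a check on the raw source text, a check on the parsed string constants, and an evaluator that goes beyond underscore filtering by accepting only listed arithmetic node types. The `FUNCS` and `NAMES` allow-lists and all function names are assumptions made for this example.

```python
import ast
import math
import operator

BIN_OPS = {ast.Add: operator.add, ast.Sub: operator.sub, ast.Mult: operator.mul,
           ast.Div: operator.truediv, ast.Pow: operator.pow, ast.Mod: operator.mod}
UNARY_OPS = {ast.UAdd: operator.pos, ast.USub: operator.neg}
# Assumed allow-lists; nothing outside them can be named or called.
FUNCS = {"sqrt": math.sqrt, "sin": math.sin, "cos": math.cos, "log": math.log}
NAMES = {"pi": math.pi, "e": math.e}

# Constructed input: the expression from the quoted reply, kept as raw text.
ESCAPED = r"getattr(42, '\x5f\x5fclass\x5f\x5f')"


def underscore_in_source(expr):
    """Look at the raw text, before the parser decodes escapes like \\x5f."""
    return "_" in expr


def underscore_in_constants(expr):
    """Look at string constants after parsing, when escapes are decoded."""
    tree = ast.parse(expr, mode="eval")
    return any(isinstance(n, ast.Constant) and isinstance(n.value, str)
               and "_" in n.value for n in ast.walk(tree))


def safe_eval(expr):
    """Evaluate arithmetic only; every node type not listed is rejected.
    The size of a computation is not bounded here."""
    def ev(node):
        if isinstance(node, ast.Constant) and type(node.value) in (int, float):
            return node.value
        if isinstance(node, ast.BinOp) and type(node.op) in BIN_OPS:
            return BIN_OPS[type(node.op)](ev(node.left), ev(node.right))
        if isinstance(node, ast.UnaryOp) and type(node.op) in UNARY_OPS:
            return UNARY_OPS[type(node.op)](ev(node.operand))
        if isinstance(node, ast.Name) and node.id in NAMES:
            return NAMES[node.id]
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
                and node.func.id in FUNCS and not node.keywords):
            return FUNCS[node.func.id](*[ev(a) for a in node.args])
        raise ValueError("disallowed syntax: " + type(node).__name__)
    return ev(ast.parse(expr, mode="eval").body)
```

Because string constants, attribute access and calls to unlisted names are all rejected by node type, the evaluator does not depend on where an underscore does or does not appear.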

