safe eval of moderately simple math expressions
__peter__ at web.de
Sat Apr 11 11:19:41 CEST 2009
Joel Hedlund wrote:
> Peter Otten wrote:
>> But what you're planning to do seems more like
>> >>> def is_it_safe(source):
>> ...     return "_" not in source
>> >>> source = "getattr(42, '\\x5f\\x5fclass\\x5f\\x5f')"
>> >>> if is_it_safe(source):
>> ...     print eval(source)
>> <type 'int'>
> Bah. You are completely right of course.
> Just as a thought experiment, would this do the trick?
> def is_it_safe(source):
>     return "_" not in source and r'\' not in source
>>> "".join(map(chr, [95, 95, 110, 111, 95, 95]))
By the way, a raw string may not end with a backslash:
File "<stdin>", line 1
SyntaxError: EOL while scanning single-quoted string