safe eval of moderately simple math expressions

Joel Hedlund yohell at ifm.liu.se
Sat Apr 11 10:30:07 CEST 2009


Matt Nordhoff wrote:
>>>> '\x5f'
> '_'
>>>> getattr(42, '\x5f\x5fclass\x5f\x5f') # __class__
> <type 'int'>
> 
> Is that enough to show you the error of your ways?

No, because

 >>> print '_' in '\x5f\x5fclass\x5f\x5f'
True

> :-D Cuz seriously, it's a bad idea.

Yes probably, but that's not why. :-)

> (BTW: What if a user tries to do some ridiculously large calculation to
> DoS the app? Is that a problem?)

Nope. If the user wants to hang her own app that's fine with me.

/Joel



More information about the Python-list mailing list