safe eval of moderately simple math expressions

Joel Hedlund yohell at ifm.liu.se
Sat Apr 11 05:38:50 EDT 2009


Peter Otten wrote:
> Joel Hedlund wrote:
> 
>> Peter Otten wrote:
>>>> def is_it_safe(source):
>>>>      return "_" not in source and '\\' not in source
>>>>>> "".join(map(chr, [95, 95, 110, 111, 95, 95]))
>>> '__no__'
>> But you don't have access to either map or chr?
>>
>> /Joel
> 
>>>> '5f5f7374696c6c5f6e6f745f736166655f5f'.decode("hex")
> '__still_not_safe__'

Now *that's* a thing of beauty. A horrible, horrible kind of beauty.

Thanks for blowing holes in my inflated sense of security!
/Joel


