List comprehension - NameError: name '_[1]' is not defined ?

ajaksu ajaksu at
Sat Jan 17 00:04:33 CET 2009

On Jan 16, 3:45 pm, mario ruggier <mario.rugg... at> wrote:
> > '(x for x in ()).throw("bork")'
> What is the potential security risk with this one?

I don't see a concrete issue, just found it tempting... raising hand-
crafted objects :)

> All the above attempts will be blocked this way. Any other disallow-
> sub-strings to add to the list above?

None that I know of, but I suggest testing with dir, globals, locals
and '__' enabled (which I haven't done yet), as spotting possible
flaws should be easier. If you can get BOM+encoded garbage tested (see ), it might be worth it too.

This one fails in lots of interesting ways when you juggle keyword-
args around:
exprs = [
    'evoque("hmm", filters=[unicode.upper ] ,src="/etc/python2.5/")',

> And thanks a lot Daniel, need to find a way to get somebeer over to
> ya... ;-)

You're welcome! Don't worry about the beer, I'd only consider a real
promise if it involved chocolate :D


More information about the Python-list mailing list