simple string question

Steven D'Aprano steven at REMOVE.THIS.cybersource.com.au
Mon Sep 7 23:39:28 EDT 2009


On Mon, 07 Sep 2009 01:54:09 -0700, Niklas Norrthon wrote:

> Others have answered how to replace '\\n' with '\n'. For a more general
> approach which will handle all string escape sequences allowed in python
> (including '\xdd' and similar), python's eval can be used:

eval can do so much more than handle escape sequences:


quoted_string = ') or __import__("os").system("echo \'Pwn3d\';#rm -rf /"'
print eval('str(%s)' % quoted_string)

Every (bad) programmer should pass untrusted strings to eval as a quick 
and unsafe way to do trivial transformations.

http://en.wikipedia.org/wiki/Code_injection



-- 
Steven
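An added example, not part of the original post: two ways to get the escape handling discussed in the quoted message without evaluating the input as code, with the string from the post used as inert test data. The names `unescape`, `parse_quoted` and `is_rejected` are hypothetical helpers chosen for this sketch, and Python 3 is assumed.

```python
import ast
import codecs
import re

# The string from the post, kept here purely as data; it is never evaluated.
PAYLOAD = ') or __import__("os").system("echo \'Pwn3d\';#rm -rf /"'

# Backslash escapes accepted in Python string literals (\N{...} is left out).
_ESCAPE = re.compile(r'''\\(?:
      U[0-9a-fA-F]{8}
    | u[0-9a-fA-F]{4}
    | x[0-9a-fA-F]{2}
    | [0-7]{1,3}
    | [\\'"abfnrtv]
)''', re.VERBOSE)


def unescape(text):
    """Decode backslash escapes in untrusted text. Only the matched escape
    is handed to the codec, so nothing is ever parsed as an expression and
    non-ASCII characters elsewhere in the text pass through unchanged."""
    return _ESCAPE.sub(
        lambda m: codecs.decode(m.group(0), 'unicode_escape'), text)


def parse_quoted(literal):
    """Parse input that must be a quoted string literal. ast.literal_eval
    accepts literals only; calls, names and operators raise an exception."""
    value = ast.literal_eval(literal)
    if not isinstance(value, str):
        raise ValueError('not a string literal')
    return value


def is_rejected(literal):
    """Return True when parse_quoted refuses the input."""
    try:
        parse_quoted(literal)
    except (ValueError, SyntaxError):
        return True
    return False


if __name__ == '__main__':
    print(repr(unescape(r'line1\nline2\x21')))
    print(is_rejected(PAYLOAD))
```
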


