use strings to call functions

Steven D'Aprano steven at REMOVE.THIS.cybersource.com.au
Tue Feb 9 09:11:02 CET 2010


On Tue, 09 Feb 2010 07:29:33 +0000, Paul Rudin wrote:

>> It is surprisingly difficult to sanitize strings in Python to make them
>> safe to pass to eval. Unless you are prepared to trust the input data
>> explicitly, it's best to just avoid eval.
> 
> Despite the fact that it's used in the standard library...

Wisely or not, the standard library implicitly trusts it's input.

That's one of the many reasons why it's so hard to have a restricted 
subset of Python.




-- 
Steven



More information about the Python-list mailing list