Is Eval *always* Evil?
nagle at animats.com
Thu Nov 11 09:07:53 CET 2010
On 11/10/2010 6:39 PM, Robert Kern wrote:
> On 2010-11-10 17:14 , Christian Heimes wrote:
>> Am 10.11.2010 18:56, schrieb Simon Mullis:
>> Yes, eval is evil, may lead to security issues and it's unnecessary
>> slow, too.
If you have to use "eval", use the 2 or 3 argument form with a
"globals" and "locals" dictionary. This lists the variables
and functions that "eval" can see and touch.
The Python documentation for this is not very good:
"If the globals dictionary is present and lacks ‘__builtins__’, the
current globals are copied into globals before expression is parsed.
This means that expression normally has full access to the standard
__builtin__ module and restricted environments are propagated."
What this means is that you have to put in "__builtins__" to
PREVENT all built-ins from being imported.
for something readable on how to use "eval" safely.
More information about the Python-list