Using Python for date calculations

random832 at fastmail.us random832 at fastmail.us
Fri Nov 21 14:58:13 CET 2014


On Fri, Nov 21, 2014, at 05:47, Chris Angelico wrote:
> Now, maybe you want it to eval. There are times when I conceptually
> want "enter an integer", but it makes good sense to be able to type
> "1+2" and have it act as if I typed "3". That's fine... but if you
> want eval, write eval into your code. Be explicit:
> eval(raw_input("Enter a number: ")) makes it very clear that you're
> accepting code at the console.

Out of curiosity, is there a way to use eval "safely" (i.e. strictly
limiting what it has access to) across a privilege boundary? This also
comes up for pickle and other serialization formats that can store
arbitrary classes (i.e. call arbitrary constructors).

I remember an IRC channel I sometimes go in has a chatbot (written in
perl) which has a calculator function, it goes with the low-tech
solution of removing via regex anything that isn't an operator or a
number literal.



More information about the Python-list mailing list