First security bug related to f-strings
eryk sun
eryksun at gmail.com
Sat Nov 5 14:08:44 EDT 2016
On Sat, Nov 5, 2016 at 5:33 PM, Irmen de Jong <irmen.NOSPAM at xs4all.nl> wrote:
> I think perhaps we should have a command line option / environment variable to be able
> to disable 'eval' altogether....
I don't think that's practical. exec and eval are commonly used by
shells and IDEs such as IDLE and IPython. In the standard library,
importlib and namedtuple are two important users of exec. Just try
`import builtins; del builtins.exec, builtins.eval`.
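The experiment suggested in the message above, written out as an added example that is not part of the original post: a child interpreter deletes `builtins.exec` and `builtins.eval`, then calls `collections.namedtuple` and imports a source module. The module name `demo_mod` and the helper names are assumptions made for this illustration.

```python
import os
import subprocess
import sys
import tempfile
import textwrap

# Child program: remove the two builtins, then exercise the two
# standard-library users of exec/eval that the post names.
CHILD = textwrap.dedent("""
    import builtins, collections, sys
    sys.path.insert(0, sys.argv[1])      # directory holding demo_mod.py
    del builtins.exec, builtins.eval

    def attempt(label, action):
        try:
            action()
            print(label, "ok")
        except Exception as exc:
            print(label, type(exc).__name__)

    attempt("namedtuple", lambda: collections.namedtuple("Point", "x y"))
    attempt("import", lambda: __import__("demo_mod"))
""")

def probe():
    """Run CHILD in a fresh interpreter and return {label: outcome}."""
    with tempfile.TemporaryDirectory() as tmp:
        # Constructed sample module: any not-yet-imported source file will do.
        with open(os.path.join(tmp, "demo_mod.py"), "w") as fh:
            fh.write("VALUE = 1\n")
        out = subprocess.run([sys.executable, "-c", CHILD, tmp],
                             capture_output=True, text=True, timeout=60).stdout
    return dict(line.split(None, 1) for line in out.splitlines())

if __name__ == "__main__":
    for label, outcome in probe().items():
        print(f"{label:12} -> {outcome}")
```

Both steps fail with `NameError` because the import machinery and `namedtuple` look the builtin up by name at call time.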