Sandboxing eval()
inhahe
inhahe at gmail.com
Tue Jan 21 08:14:12 EST 2020
> I have written a simple parser/evaluator that is sufficient for my
> simple requirements, and I thought I was safe.
>
> Then I saw this comment in a recent post by Robin Becker of ReportLab -
>
> "avoiding simple things like ' '*(10**200) seems quite difficult"
>
> I realised that my method is vulnerable to this and, like Robin, I have
> not come up with an easy way to guard against it.
>
> Frank Millman
>
>
Just use floats instead of integers.
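One way to guard against the `' '*(10**200)` case Frank describes, added here as an illustration and not code from the thread: parse the expression with `ast`, evaluate only a whitelist of node types yourself, and bound operand sizes before each multiply or power so the oversized object is never allocated. `MAX_INT_BITS` and `MAX_STR_LEN` are assumed limits; the `str * float` line also shows why the "use floats" reply works, since sequence repetition by a float is a `TypeError`.

```python
import ast
import operator

MAX_INT_BITS = 4096   # assumed limit on integer results
MAX_STR_LEN = 10_000  # assumed limit on string results


def _safe_mul(a, b):
    # Reject sequence repetition before the result is allocated, so
    # ' ' * (10**200) fails fast instead of exhausting memory.
    for seq, n in ((a, b), (b, a)):
        if isinstance(seq, str) and isinstance(n, int):
            if len(seq) * max(n, 0) > MAX_STR_LEN:
                raise ValueError("string repetition too large")
    if isinstance(a, int) and isinstance(b, int):
        if a.bit_length() + b.bit_length() > MAX_INT_BITS:
            raise ValueError("integer product too large")
    return a * b  # str * float still raises TypeError, as the reply notes


def _safe_pow(a, b):
    # bit_length(a) * b is an upper bound on the size of a ** b
    if isinstance(a, int) and isinstance(b, int) and b > 0:
        if a.bit_length() * b > MAX_INT_BITS:
            raise ValueError("integer power too large")
    return a ** b  # float overflow raises OverflowError, which is bounded


BIN_OPS = {ast.Add: operator.add, ast.Sub: operator.sub,
           ast.Mult: _safe_mul, ast.Div: operator.truediv, ast.Pow: _safe_pow}


def _eval(node):
    if isinstance(node, ast.Expression):
        return _eval(node.body)
    if isinstance(node, ast.Constant) and isinstance(node.value, (int, float, str)):
        return node.value
    if isinstance(node, ast.UnaryOp) and isinstance(node.op, ast.USub):
        return -_eval(node.operand)
    if isinstance(node, ast.BinOp) and type(node.op) in BIN_OPS:
        return BIN_OPS[type(node.op)](_eval(node.left), _eval(node.right))
    # Names, calls, attributes, subscripts, comprehensions: all refused
    raise ValueError(f"disallowed syntax: {type(node).__name__}")


def safe_eval(expr: str):
    """Evaluate an arithmetic/string expression without calling eval()."""
    return _eval(ast.parse(expr, mode="eval"))
```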