➜
This issue tracker has been migrated to GitHub,
and is currently read-only.
For more information,
see the GitHub FAQs in the Python's Developer Guide.
Created on 2010-02-15 13:38 by kjohnson, last changed 2022-04-11 14:56 by admin. This issue is now closed.
| Messages (2) | |||
|---|---|---|---|
| msg99363 - (view) | Author: Kent Johnson (kjohnson) * | Date: 2010-02-15 13:38 | |
eval() is a known security hole. Since Python 2.6 ast.literal_eval() provides a better alternative in many cases. literal_eval() is not as well known as eval() and not easy to find even if you know it exists (but don't remember the name). eval() comes up over and over in the Python-tutor list and the attendant warnings are repeated ad nauseum; literal_eval() is rarely mentioned as an alternative. Suggestion: in the docs for eval(), put a warning about security risks and a cross-reference to literal_eval(). For example: Warning: eval() executes any expression and should be used only with trusted input. ast.literal_eval() is a safe alternative for evaluating expressions containing only Python literals. Thanks! |
|||
| msg109976 - (view) | Author: Georg Brandl (georg.brandl) *  |
Date: 2010-07-11 09:42 | |
Added reference in r82805. Thanks! |
|||
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2022-04-11 14:56:57 | admin | set | github: 52183 |
| 2010-07-11 09:42:19 | georg.brandl | set | status: open -> closed resolution: fixed messages: + msg109976 |
| 2010-07-10 15:13:58 | BreamoreBoy | set | assignee: georg.brandl -> docs@python nosy: + docs@python versions: + Python 3.2, - Python 2.6 |
| 2010-02-15 13:38:18 | kjohnson | create | |