Author loewis
Recipients Arach, Arfrever, Huzaifa.Sidhpurwala, Jim.Jewett, Mark.Shannon, PaulMcMillan, Zhiping.Deng, alex, barry, benjamin.peterson, christian.heimes, dmalcolm, eric.snow, fx5, georg.brandl, grahamd, gregory.p.smith, gvanrossum, gz, haypo, jcea, lemburg, loewis, mark.dickinson, merwok, neologix, pitrou, skrah, terry.reedy, tim.peters, v+python, zbysz
Date 2012-01-26.23:03:35
SpamBayes Score 0.00997814
Marked as misclassified No
Message-id <20120127000334.Horde.aM5EaVNNcXdPIdvGl__HGMA@webmail.df.eu>
In-reply-to <CAFRnB2V+MkumT1i4+KpC-T=Zyt5ABZRUdKhnwoCLR5q8njRh5w@mail.gmail.com>
Content
> But using non-__builtin__.str objects (such as UserString) would expose the
> user to an attack?

Not necessarily: only if they use these strings as dictionary keys, and only
if they do so in contexts where arbitrary user input is consumed. In these
cases, users need to rewrite their code to replace the keys. Using dictionary
wrappers (such as UserDict), this is possible using only local changes.
History
Date User Action Args
2012-01-26 23:03:35loewissetrecipients: + loewis, lemburg, gvanrossum, tim.peters, barry, georg.brandl, terry.reedy, gregory.p.smith, jcea, mark.dickinson, pitrou, haypo, christian.heimes, benjamin.peterson, merwok, grahamd, Arfrever, v+python, alex, zbysz, skrah, dmalcolm, gz, neologix, Arach, Mark.Shannon, eric.snow, Zhiping.Deng, Huzaifa.Sidhpurwala, Jim.Jewett, PaulMcMillan, fx5
2012-01-26 23:03:35loewislinkissue13703 messages
2012-01-26 23:03:35loewiscreate