Index: Lib/collections.py =================================================================== --- Lib/collections.py (revision 55472) +++ Lib/collections.py (working copy) @@ -20,11 +20,15 @@ 33 >>> p # readable __repr__ with name=value style Point(x=11, y=22) - """ - + # protect against exec attacks + if not typename.replace('_', '').isalnum(): + raise ValueError("typename '%s' contains invalid characters." % + typename) + if not ''.join(field_names).replace('_', '').isalnum(): + raise ValueError("field_names '%s' contains invalid characters." % + typename) field_names = s.split() - assert ''.join(field_names).replace('_', '').isalpha() # protect against exec attacks argtxt = ', '.join(field_names) reprtxt = ', '.join('%s=%%r' % name for name in field_names) template = '''class %(typename)s(tuple):