If you try to insert an item into the treeview, give it a tuple of values for the "values" attribute, and one of those values has unbalanced braces, you'll get an error "unmatched open brace in list"

To reproduce:

import Tkinter as tk
import ttk

root = tk.Tk()
tree = ttk.Treeview(root)
tree.insert("","end",values=("one","two","bam! {"))

root.mainloop()

What behavior do you expect? By accident, I found your reply to this StackOverflow question. I take it from that that you think tkinter should be quoting curly braces found in strings. If that is what you mean, can you specify the set of characters that need to be escaped and in what contexts?

http://stackoverflow.com/questions/11566299/unmatched-open-brace-error-when-adding-item-to-ttk-treeview

What behavior do I expect? I expect it to not throw an error. I expect whatever string I give to be inserted into the widget unadulterated (ie: if I give the string "foo {" I expect to see "foo {" in the widget).

Tkinter is effectively telling me "you have a Tcl syntax error". Since I'm programming in python I should be insulated from that, particularly since the error comes internally after Tkinter transforms my data.

How Tkinter does it under the hood, I don't care. Tkinter should make sure that the data it passes to the Tcl interpreter is well-formed.

I agree with Bryan. Further, if the string is being interpreted as Tcl, then this strikes me as a possible injection attack vector (although I'll admit to not having looked at the code to see how the Tcl code is being used and/or interpreted).

I agree as well. The bigger question is, as Eric suggests, is this the only such case when mapping between Python and Tcl elements? Since Bryan is a well-known Tcl and Tkinter expert, his insights on that would be very useful.

I gave myself an hour or so to play around with this, and the crux of the matter seems to be in the function _format_optdict() which converts a dictionary of options and values into something suitable to pass to tk.call(). However, I think the same bug is in other _format* functions as well, it's just that their nature is such that they have much less of a chance to be passed weird data.

_format_optdict has some code that does a half-hearted attempt at handling values that are tuples, such as the case with the "values" attribute of the ttk.Treeview widget. However, all it does is protect values that have a space, by surrounding the value with curly braces. Hence, when the value itself has a curly brace, tcl throws the "unmatched open brace" error.

What is needed is to create a bona fide tcl list element according to the rules of Tcl. I tried a hack where I simply escaped all problem characters, so instead of returning {foo bar} the function returns foo\ bar. This seemed to work, at least for the tiny bit of testing that I did. Another solution might be to do something like tk.call("list",*the_tuple), though sadly, _format_optdict is a function rather than a method so it doesn't have access to the tcl interpreter.

What I think ttk needs (and may already exist somewhere in the Tkinter world; I haven't looked...) is a function that takes a tuple and converts it to a canonical list. Then, the places that do something ad hoc can all call this one function.

For more information on the gory details of the string representation of a list see http://www.tcl.tk/cgi-bin/tct/tip/407.html

Just tested on 3.3 and this still happens with that version of Tkinter, which should mean the same happens in 3.2 and 3.4.

I think this is a case of faulty over-engineering in the ttk module. The following works just fine (imports converted to Python3):

import tkinter as tk
import tkinter.ttk as ttk

root = tk.Tk()
tree = ttk.Treeview(root, columns="1 2 3")
tree.tk.call(tree, "insert", "", "end" , "-values", ("one","two","bam! {"))
tree.grid()

root.mainloop()

Here is a patch for right quoting of arguments before concatenation. Thanks Bryan Oakley for the analysis.

Patch updated.

Patch updated. Added additional tests for ttk.Combobox (see bpo-11290).

Patch for 2.7 added.

I consider myself the main responsible for this bug, so if the current patch (which I didn't look at) passes all tests, doesn't slow things up (unlikely, I would think) and also works with some more involved styling code then I'm fine with it.

These formatting functions were added to the ttk module to make it easier to create and adjust styles using Python. It wouldn't be possible without them unless the person basically coded in Tcl while in Python. These functions ended up being used in other places (as was noticed here) for convenience. All in all, I'm glad someone else is using the module, reporting, and improving it.

Have you reviewed the patch? Is it good?

New changeset 411bb75be5d1 by Serhiy Storchaka in branch '3.2':
Issue bpo-15861: tkinter now correctly works with lists and tuples containing
http://hg.python.org/cpython/rev/411bb75be5d1

New changeset 927352d7e994 by Serhiy Storchaka in branch '3.3':
Issue bpo-15861: tkinter now correctly works with lists and tuples containing
http://hg.python.org/cpython/rev/927352d7e994

New changeset 340e97ebe911 by Serhiy Storchaka in branch 'default':
Issue bpo-15861: tkinter now correctly works with lists and tuples containing
http://hg.python.org/cpython/rev/340e97ebe911

New changeset 917ae14831ec by Serhiy Storchaka in branch '2.7':
Issue bpo-15861: tkinter now correctly works with lists and tuples containing
http://hg.python.org/cpython/rev/917ae14831ec

Fixed. Thank you for report, Bryan Oakley.