Author xiang.zhang
Recipients Carl Ekerot, christian.heimes, loewis, serhiy.storchaka, xiang.zhang
Date 2016-11-05.19:21:44
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1478373704.93.0.465961593963.issue28563@psf.upfronthosting.co.za>
In-reply-to
Content
Christian, I think our patches are quite similar in function. They only allow limited tokens. 

> I consider it a superior solution and a fix for more generic attacks

Mine now still allows **. But it can be easily fixed.

But both our patches still translate a C expression to Python and still suffer from nested ternary operator and different semantics between C and Python, e.g. (2==2==2 as Serhiy notes). :-( I plan to try a simple parser.
History
Date User Action Args
2016-11-05 19:21:44xiang.zhangsetrecipients: + xiang.zhang, loewis, christian.heimes, serhiy.storchaka, Carl Ekerot
2016-11-05 19:21:44xiang.zhangsetmessageid: <1478373704.93.0.465961593963.issue28563@psf.upfronthosting.co.za>
2016-11-05 19:21:44xiang.zhanglinkissue28563 messages
2016-11-05 19:21:44xiang.zhangcreate