Message304367
It has been some time since literal_eval literally only evaluated literals. 'constant_eval' might be a better name now, with the proviso of 'safely, in reasonable time'.
>>> from ast import literal_eval as le
>>> le('(1,2,3)')
(1, 2, 3)
>>> le('(1,2, (3,4))')
(1, 2, (3, 4))
I believe there was once a time when a simple tuple would be evaluated, while a nested one would not be.
"It is not capable of evaluating arbitrarily complex expressions, for example involving operators or indexing." I do not read this as prohibiting all operators, but rather that now all will be accepted.
>>> le(2**2)
...
ValueError: malformed node or string: 4
Exponentiation of ints can take exponential time and can be used for denial of service attacks.
>>> le('2017-10-10')
1997
This is correct. For '2017-10-10' to be a string representing a date, it must be quoted as a string in the code.
>>> le("'2017-10-10'")
'2017-10-10'
Rolling back previous enhancements would break existing code, so a deprecation period would be required. But I would be inclined to instead update the doc to match the updated code better. Lets see what others think. |
|
Date |
User |
Action |
Args |
2017-10-13 22:03:44 | terry.reedy | set | recipients:
+ terry.reedy, brett.cannon, ncoghlan, benjamin.peterson, yselivanov, David Bieber |
2017-10-13 22:03:44 | terry.reedy | set | messageid: <1507932224.7.0.213398074469.issue31778@psf.upfronthosting.co.za> |
2017-10-13 22:03:44 | terry.reedy | link | issue31778 messages |
2017-10-13 22:03:43 | terry.reedy | create | |
|