
Author pablogsal
Recipients BTaskaya, pablogsal, rhettinger, serhiy.storchaka
Date 2020-01-03.19:32:37
The function literal_eval is not safe anymore as the constructor can be intercepted:

>>> import ast
>>> import builtins
>>> def evil_code(*args):
...     print("Something evil")
...
>>> builtins.set = evil_code
>>> ast.literal_eval("set()")
Something evil

I think we should either use {0}.__class__.

Also, the documentation now is wrong as the function does more than evaluate literals or container displays.
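
An added illustration, not part of the original message and not CPython's code: a sketch that handles only the expression `set()`, once by calling the name `set` (the lookup the message shows being intercepted) and once through the type taken from a set display, the `{0}.__class__` idea. The function names, `SET_TYPE` and the hook are hypothetical.

```python
import ast
import builtins

# Taken from a set display, as the message suggests: building {0} uses the
# BUILD_SET opcode, so the name "set" is never looked up.
SET_TYPE = {0}.__class__


def _is_empty_set_call(node):
    """True for the exact expression `set()` with no arguments."""
    return (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
            and node.func.id == "set" and not node.args and not node.keywords)


def eval_by_name(source):
    """Reported pattern: `set` is resolved through builtins at call time."""
    node = ast.parse(source, mode="eval").body
    if _is_empty_set_call(node):
        return set()
    raise ValueError("only set() is handled in this sketch")


def eval_by_type(source):
    """Hardened form: instantiate the type object captured above."""
    node = ast.parse(source, mode="eval").body
    if _is_empty_set_call(node):
        return SET_TYPE()
    raise ValueError("only set() is handled in this sketch")


def compare_under_rebinding():
    """Rebind builtins.set briefly (constructed hook) and run both evaluators."""
    calls = []

    def hook(*args):
        calls.append(args)
        return "hooked"

    original = builtins.set
    builtins.set = hook
    try:
        by_name = eval_by_name("set()")
        by_type = eval_by_type("set()")
    finally:
        builtins.set = original  # always restore the real constructor
    return by_name, by_type, len(calls)
```

`compare_under_rebinding()` returns the hook's value for the name-based evaluator and a real empty set for the type-based one, with the hook called exactly once.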