➜
This issue tracker has been migrated to GitHub,
and is currently read-only.
For more information,
see the GitHub FAQs in the Python's Developer Guide.
Created on 2005-07-13 16:45 by georg.brandl, last changed 2022-04-11 14:56 by admin. This issue is now closed.
| Messages (2) | |||
|---|---|---|---|
| msg54583 - (view) | Author: Georg Brandl (georg.brandl) *  |
Date: 2005-07-13 16:45 | |
The docs for eval and exec should have pointers how to avoid them, by e.g. using locals(), globals(), getattr, setattr etc. Many questions pop up on c.l.py which could be answered by this. |
|||
| msg54584 - (view) | Author: Raymond Hettinger (rhettinger) * |
Date: 2005-07-13 21:45 | |
Logged In: YES user_id=80475 This should not be in the docs. Both eval() and exec are legitmate parts of the language with valid use cases. Avoidance of eval() and exec is a comp.lang.python security cult. If you feel the need, write a FAQ entry and submit it to Andrew. The entry should be neautrally worded with an informative note on the security risks of blindly running untrusted code and will a short listing of faster or more secure approaches for common use cases. Also, mention the input() includes an implicit call to eval(). |
|||
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2022-04-11 14:56:12 | admin | set | github: 42185 |
| 2005-07-13 16:45:44 | birkenfeld | create | |