[pypy-commit] pypy default: don't use eval on user input

cfbolz Mon, 04 Jul 2016 23:32:53 -0700

Author: Carl Friedrich Bolz <cfb...@gmx.de>
Branch: 
Changeset: r85552:7f5d1ceedd1d
Date: 2016-07-05 08:29 +0200
http://bitbucket.org/pypy/pypy/changeset/7f5d1ceedd1d/


Log:    don't use eval on user input

diff --git a/dotviewer/graphparse.py b/dotviewer/graphparse.py
--- a/dotviewer/graphparse.py
+++ b/dotviewer/graphparse.py
@@ -85,10 +85,11 @@
     pass
 
 def splitline(line, re_word = re.compile(r'[^\s"]\S*|["]["]|["].*?[^\\]["]')):
+    import ast
     result = []
     for word in re_word.findall(line):
         if word.startswith('"'):
-            word = eval(word)
+            word = ast.literal_eval(word)
         result.append(word)
     return result
 
_______________________________________________
pypy-commit mailing list
pypy-commit@python.org
https://mail.python.org/mailman/listinfo/pypy-commit

[pypy-commit] pypy default: don't use eval on user input

Reply via email to