On 10 Aug 2006, at 10:46 AM, [EMAIL PROTECTED] wrote:


    Brendon> A shortcut occurs to me; maybe someone can tell me what's wrong
    Brendon> with my reasoning here. It seems that any string that is unsafe
    Brendon> to pass to eval() must involve a function call, and thus must
    Brendon> contain an opening paren. Given that I know that the data I
    Brendon> expect contains no parens, would people expect this code to be
    Brendon> safe:

Unfortunately, no.  If I define a class which has properties, attribute
assignment can involve arbitrary numbers of function calls.


Oh yeah -- forgot about that. Thanks.

But, how could you get that class into my eval() call? Unless I'm missing something (entirely possible -- as we've seen above, I already did), it seems that you have only two options:

1. Get the code containing the class on my local machine, and import the class -- in this case, I'm screwed long before I call eval().
2. Include it in the page I downloaded -- in this case, the function calls will be part of the string, and the data.pos('(') call will find them.

Am I missing a third option? 

B.

--
Brendon Towle, PhD
Cognitive Scientist
+1-412-690-2442x127
Carnegie Learning, Inc.
The Cognitive Tutor Company ®
Helping over 375,000 students in 1000 school districts succeed in math.


-- 
http://mail.python.org/mailman/listinfo/python-list
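The reply's point, as an added example that is not part of the thread: a property makes plain attribute access run a method with no "(" anywhere in the string, so the paren check lets it through, whereas ast.literal_eval admits only literal data. The Config class, the sample strings and the function names are constructed for this illustration.

```python
"""Why a "no parenthesis" check is not a safety filter for eval()."""
import ast


class Config(object):
    """Harmless class with a property: attribute *access* runs a method."""

    def __init__(self):
        self.reads = 0

    @property
    def value(self):
        # This body executes even though the caller typed no "(".
        self.reads += 1
        return self.reads


def paren_check_eval(data, namespace):
    """The approach discussed in the thread: refuse strings containing '('."""
    if '(' in data:
        raise ValueError("rejected: contains '('")
    # Empty __builtins__ removes the obvious helpers but not attribute access.
    return eval(data, {"__builtins__": {}}, namespace)


def safe_literal(data):
    """Defender's alternative: only Python literals (numbers, strings, tuples,
    lists, dicts, booleans, None) are accepted; attribute access, names and
    operators on objects all raise ValueError instead of being evaluated."""
    return ast.literal_eval(data)


def demo():
    cfg = Config()  # constructed object placed in the eval namespace
    # Passes the paren check, yet runs Config.value's getter via the descriptor.
    paren_check_eval("cfg.value", {"cfg": cfg})
    calls_made = cfg.reads  # 1: a method ran although the string had no "("

    accepted = safe_literal("[1, 2, 'three']")  # literal data is fine
    try:
        safe_literal("cfg.value")  # not a literal: rejected, nothing runs
    except ValueError:
        rejected = True
    else:
        rejected = False
    return calls_made, accepted, rejected


if __name__ == "__main__":
    print(demo())
```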
