On Sat, 29 Jan 2005 08:53:45 -0600, Skip Montanaro <[EMAIL PROTECTED]> wrote: > > >> One thing my company has done is written a ``safe_eval()`` that uses > >> a regex to disable double-underscore access. > > Alex> will the regex catch getattr(object, > Alex> 'subclasses'.join(['_'*2]*2)...?-) > > Now he has two problems. ;-)
I nearly asked that question, then I realised that 'getattr' is quite easy to remove from the global namespace for the code in question, and assumed that they had already thought of that. Stephen. -- http://mail.python.org/mailman/listinfo/python-list
