On Thu, Oct 9, 2008 at 2:26 PM, Warren DeLano <[EMAIL PROTECTED]> wrote: > JSON rocks! Thanks everyone.
Yes it does :) > Ben wrote: > >>More generally, you should never execute (via eval, exec, or whatever) >>*any* instruction from an untrusted path; especially not arbitrary >>data from an input stream. I second this. > Wow, for the record, I completely disagree with this point of view: > Today's web apps wouldn't exist without safe forms of untrusted eval/exec > (Javascript anyone?). Such dogma is appropriate when dealing with the > CPython VM, but not as a general principle. It's far better to use Data Structures rather than Programming Constructs to represent and transmit your data. > "Rocket fuel may be dangerous, but you ain't shooting the moon without it!" Do we trust fuel from untrusted sources ? cheers James -- -- -- "Problems are solved by method" -- http://mail.python.org/mailman/listinfo/python-list