On Mar 2, 8:43 am, John Nagle <na...@animats.com> wrote:
> Carl Banks wrote:
> > On Feb 27, 7:21 pm, Sammo <sammo2...@gmail.com> wrote:
> >> Given that execfile has been removed in py3k, I want to understand
> >> exactly why.
> >>
> >> Okay, I get that execfile is bad from the following thread:
> >>
> >> On Jul 29 2007, 2:39 pm, Steven D'Aprano
> >> <st...@remove.this.cybersource.com.au> wrote:
> >>> (1) Don't use eval, exec or execfile.
> >>> (2) If you're an expert, don't use eval, exec or execfile.
> >>> (3) If you're an expert, and are fully aware of the security risks, don't
> >>> use eval, exec or execfile.
> >>> (4) If you're an expert, and are fully aware of the security risks, and
> >>> have a task that can only be solved by using eval, exec or execfile, find
> >>> another solution.
> >>> (5) If there really is no other solution, you haven't looked hard enough.
> >>> (6) If you've looked REALLY hard, and can't find another solution, AND
> >>> you're an expert and are fully aware of the security risks, THEN you can
> >>> think about using eval, exec or execfile.
> >>
> >> What are some of the reasons why execfile should not be used?
> >>
> >> What are some examples of cases where execfile is the correct way of
> >> doing something?
> >
> > [For instance, the package I use to generate my web site uses exec and
> > eval, because it processes templates with embedded Python code.
>
> Now there's an example of exactly what exec and eval shouldn't be used
> for.
>
> You don't put general-purpose execution mechanisms into your web site
> template system. That's just asking for trouble.

It really isn't for a static web site generator with a single author, which is what my package is for.

Carl Banks
--
http://mail.python.org/mailman/listinfo/python-list
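
The trade-off argued in this thread, as an added example that is not part of any post and is not code from Carl Banks's package: a template renderer that evaluates embedded expressions with `eval()`, beside one that only resolves names and subscripts. The `{{ ... }}` syntax, the function names and the sample data are assumptions made for illustration; Python 3.9+ is assumed for the AST shape.

```python
import ast
import re

# Constructed template syntax for this example: {{ expression }}
_TAG = re.compile(r"\{\{(.*?)\}\}")


def render_eval(template, context):
    """Render with eval(): every expression in the template is full Python.

    eval() supplies the builtins automatically, so calls and imports written
    in a template run with the privileges of the generator process. That is
    acceptable only when the template author is as trusted as the code itself.
    """
    def sub(match):
        return str(eval(match.group(1).strip(), {}, dict(context)))
    return _TAG.sub(sub, template)


def _resolve(node, context):
    """Evaluate a parsed expression without eval(): names, literals, subscripts."""
    if isinstance(node, ast.Constant) and isinstance(node.value, (str, int)):
        return node.value
    if isinstance(node, ast.Name):
        return context[node.id]
    if isinstance(node, ast.Subscript):
        return _resolve(node.value, context)[_resolve(node.slice, context)]
    # Calls, attribute access, comprehensions, lambdas and so on end up here.
    raise ValueError("disallowed template syntax: " + type(node).__name__)


def render_restricted(template, context):
    """Render with data lookup only; the template cannot execute code."""
    def sub(match):
        tree = ast.parse(match.group(1).strip(), mode="eval")
        return str(_resolve(tree.body, context))
    return _TAG.sub(sub, template)


# Constructed sample data.
SAMPLE_CONTEXT = {"title": "Home", "page": {"author": "cb"}}
SAMPLE_TEMPLATE = "<h1>{{ title }}</h1> by {{ page['author'] }}"
```

Both renderers produce the same output for plain data lookups; they differ only when a template contains anything beyond that, which is the case that matters once templates come from someone other than the site's single author.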