Steven D'Aprano <ste...@remove.this.cybersource.com.au> writes:

> On Mon, 08 Feb 2010 14:43:46 -0800, Aahz wrote:
>
>>>> WARNING: eval() is almost always the wrong answer to any question
>>>
>>>warning : it works !
>>
>> Works for what?
>
> Code injection security bugs, of course.
>
> http://en.wikipedia.org/wiki/Code_injection
>
> It is surprisingly difficult to sanitize strings in Python to make them
> safe to pass to eval. Unless you are prepared to trust the input data
> explicitly, it's best to just avoid eval.

Despite the fact that it's used in the standard library...