On Fri, Nov 21, 2014, at 05:47, Chris Angelico wrote:
> Now, maybe you want it to eval. There are times when I conceptually
> want "enter an integer", but it makes good sense to be able to type
> "1+2" and have it act as if I typed "3". That's fine... but if you
> want eval, write eval into your code. Be explicit:
> eval(raw_input("Enter a number: ")) makes it very clear that you're
> accepting code at the console.

Out of curiosity, is there a way to use eval "safely" (i.e. strictly limiting what it has access to) across a privilege boundary? This also comes up for pickle and other serialization formats that can store arbitrary classes (i.e. call arbitrary constructors).

I remember an IRC channel I sometimes go in has a chatbot (written in Perl) which has a calculator function; it goes with the low-tech solution of removing via regex anything that isn't an operator or a number literal.