On Tue, 24 Jan 2023 at 04:56, Johannes Bauer <dfnsonfsdu...@gmx.de> wrote: > > Hi there, > > is there an easy way to evaluate a string stored in a variable as if it > were an f-string at runtime? > > ... > > This is supposedly for security reasons. However, when trying to emulate > this behavior that I wanted (and know the security implications of), my > solutions will tend to be less secure. Here is what I have been thinking > about:
If you really want the full power of an f-string, then you're asking for the full power of eval(), and that means all the security implications thereof, not to mention the difficulties of namespacing. Have you considered using the vanilla format() method instead? But if you really REALLY know what you're doing, just use eval() directly. I don't really see what you'd gain from an f-string. At very least, work with a well-defined namespace and eval whatever you need in that context. Maybe, rather than asking for a way to treat a string as code, ask for what you ACTUALLY need, and we can help? ChrisA -- https://mail.python.org/mailman/listinfo/python-list
