[Python-ideas] Any chance on (slowly) deprecating `eval` and `exec` as builtins?

2017-11-07 Thread אלעזר
Hi, The dangers of eval and exec are obvious and well known to advanced users, but the availability as built-in functions makes it too tempting for beginners or even medium-level programmers. You can see questions about these functions pretty often in stackoverflow (roughly once a day

Re: [Python-ideas] Any chance on (slowly) deprecating `eval` and `exec` as builtins?

2017-11-07 Thread Serhiy Storchaka
07.11.17 12:29, אלעזר wrote: Also, it is unfortunate that `ast.literal_eval` is less accessible than `builtins.eval`. Giving it an alias in builtins might make it easier for programmers (and less scary - "ast" might sound like I need a PhD to use it). ast.literal_eval is not so safe as you thi

Re: [Python-ideas] Any chance on (slowly) deprecating `eval` and `exec` as builtins?

2017-11-07 Thread Steven D'Aprano
On Tue, Nov 07, 2017 at 03:35:58PM +0200, Serhiy Storchaka wrote: > 07.11.17 12:29, אלעזר wrote: > >Also, it is unfortunate that `ast.literal_eval` is less accessible than > >`builtins.eval`. Giving it an alias in builtins might make it easier for > >programmers (and less scary - "ast" might sound

Re: [Python-ideas] Any chance on (slowly) deprecating `eval` and `exec` as builtins?

2017-11-07 Thread Chris Barker
On Tue, Nov 7, 2017 at 6:41 AM, Steven D'Aprano wrote: > > >Also, it is unfortunate that `ast.literal_eval` is less accessible than > > >`builtins.eval`. Giving it an alias in builtins might make it easier for > > >programmers (and less scary - "ast" might sound like I need a PhD to use > > >it)

Re: [Python-ideas] Any chance on (slowly) deprecating `eval` and `exec` as builtins?

2017-11-07 Thread Chris Angelico
On Wed, Nov 8, 2017 at 7:33 AM, Chris Barker wrote: > On Tue, Nov 7, 2017 at 6:41 AM, Steven D'Aprano wrote: >> In any case, I think that securing literal_eval is much simpler than >> securing eval: >> >> try: >> # a thousand character expression ought to be enough for >> # any legitimate

Re: [Python-ideas] Any chance on (slowly) deprecating `eval` and `exec` as builtins?

2017-11-07 Thread אלעזר
On Tue, 7 Nov 2017, 22:59, Chris Angelico wrote: > > -1 on hiding eval/exec; these features exist in many languages, and > they're identically dangerous everywhere. Basically, use eval only > with text from the owner of the system, not from anyone untrusted. > I am sorry. I don't underst

Re: [Python-ideas] Any chance on (slowly) deprecating `eval` and `exec` as builtins?

2017-11-07 Thread Chris Angelico
On Wed, Nov 8, 2017 at 8:39 AM, אלעזר wrote: > > > On Tue, 7 Nov 2017, 22:59, Chris Angelico wrote: >> >> >> -1 on hiding eval/exec; these features exist in many languages, and >> they're identically dangerous everywhere. Basically, use eval only >> with text from the owner of the system,

Re: [Python-ideas] Any chance on (slowly) deprecating `eval` and `exec` as builtins?

2017-11-07 Thread Guido van Rossum
On Tue, Nov 7, 2017 at 2:29 AM, אלעזר wrote: > The dangers of eval and exec are obvious and well known to advanced users, > but the availability as built-in functions makes it too tempting for > beginners or even medium-level programmers. > I find it dubious to claim that these functions are dan

Re: [Python-ideas] Any chance on (slowly) deprecating `eval` and `exec` as builtins?

2017-11-07 Thread Serhiy Storchaka
07.11.17 16:41, Steven D'Aprano wrote: On Tue, Nov 07, 2017 at 03:35:58PM +0200, Serhiy Storchaka wrote: 07.11.17 12:29, אלעזר wrote: Also, it is unfortunate that `ast.literal_eval` is less accessible than `builtins.eval`. Giving it an alias in builtins might make it easier for programmers (and l

Re: [Python-ideas] Any chance on (slowly) deprecating `eval` and `exec` as builtins?

2017-11-07 Thread Soni L.
On 2017-11-07 08:29 AM, אלעזר wrote: Hi, The dangers of eval and exec are obvious and well known to advanced users, but the availability as built-in functions makes it too tempting for beginners or even medium-level programmers. You can see questions about these functions pretty often in sta

Re: [Python-ideas] Any chance on (slowly) deprecating `eval` and `exec` as builtins?

2017-11-07 Thread Chris Barker - NOAA Federal
But the point is that the compiler is recursive, and processing nested constructs consumes the C stack. There are some guards against too deep recursion (2.7 has fewer guards and is more vulnerable), but it is hard to prove that all vulnerabilities are fixed. Your method (limiting the size of the inpu

Re: [Python-ideas] Any chance on (slowly) deprecating `eval` and `exec` as builtins?

2017-11-07 Thread Chris Angelico
On Wed, Nov 8, 2017 at 10:58 AM, Chris Barker - NOAA Federal wrote: > > > But the point is that the compiler is recursive, and processing nested > constructs consumes the C stack. There are some guards against too deep > recursion (2.7 has fewer guards and is more vulnerable), but it is hard to prove

Re: [Python-ideas] Any chance on (slowly) deprecating `eval` and `exec` as builtins?

2017-11-07 Thread Steven D'Aprano
On Tue, Nov 07, 2017 at 01:53:00PM -0800, Guido van Rossum wrote: > On Tue, Nov 7, 2017 at 2:29 AM, אלעזר wrote: > > > The dangers of eval and exec are obvious and well known to advanced users, > > but the availability as built-in functions makes it too tempting for > > beginners or even medium-l

Re: [Python-ideas] Any chance on (slowly) deprecating `eval` and `exec` as builtins?

2017-11-07 Thread Guido van Rossum
On Tue, Nov 7, 2017 at 6:26 PM, Steven D'Aprano wrote: > On Tue, Nov 07, 2017 at 01:53:00PM -0800, Guido van Rossum wrote: > > On Tue, Nov 7, 2017 at 2:29 AM, אלעזר wrote: > > > > > The dangers of eval and exec are obvious and well known to advanced > users, > > > but the availability as built-i

Re: [Python-ideas] Any chance on (slowly) deprecating `eval` and `exec` as builtins?

2017-11-08 Thread Ethan Furman
On 11/07/2017 03:12 PM, Soni L. wrote: exec("def one(x):\n [r] = x\n return r") # who says python doesn't have one-liners? (ofc, some would argue you should use: one = (lambda x: (lambda y: y)(*x)) Most would argue that def one(x): [r] = x return r is the appropriate code. -- ~Eth

Re: [Python-ideas] Any chance on (slowly) deprecating `eval` and `exec` as builtins?

2017-11-09 Thread Michel Desmoulin
On 07/11/2017 at 22:39, אלעזר wrote: > > > On Tue, 7 Nov 2017, 22:59, Chris Angelico > mailto:ros...@gmail.com>> wrote: > > > -1 on hiding eval/exec; these features exist in many languages, and > they're identically dangerous everywhere. Basically, use eval only > with t