Re: First security bug related to f-strings

2016-11-05 Thread eryk sun
On Sat, Nov 5, 2016 at 6:50 PM, Irmen de Jong wrote:
> Perhaps. But in those cases you could just leave things on the default.
> If you choose to run the interpreter with eval (and exec) disabled, you
> should be aware
> that you'll break tools like that. But for other

Re: First security bug related to f-strings

2016-11-05 Thread Irmen de Jong
On 5-11-2016 19:08, eryk sun wrote:
> On Sat, Nov 5, 2016 at 5:33 PM, Irmen de Jong wrote:
>> I think perhaps we should have a command line option / environment variable
>> to be able to disable 'eval' altogether
>
> I don't think that's practical. exec and eval

Re: First security bug related to f-strings

2016-11-05 Thread eryk sun
On Sat, Nov 5, 2016 at 5:33 PM, Irmen de Jong wrote:
> I think perhaps we should have a command line option / environment variable
> to be able to disable 'eval' altogether

I don't think that's practical. exec and eval are commonly used by shells and IDEs such as

Re: First security bug related to f-strings

2016-11-05 Thread Irmen de Jong
On 5-11-2016 18:12, Steve D'Aprano wrote:
> Well, that didn't take very long at all.
>
> Here's the first security bug which is related to the new (and badly
> misnamed) f-string feature:
>
> http://bugs.python.org/issue28563

I think perhaps we should have a command line option / environment

First security bug related to f-strings

2016-11-05 Thread Steve D'Aprano
Well, that didn't take very long at all.

Here's the first security bug which is related to the new (and badly misnamed) f-string feature:

http://bugs.python.org/issue28563

Note what I'm not saying: I'm not saying that the bug is *caused* by f-strings. It is not. The bug is actually caused by