On Sun, Jan 4, 2009 at 6:46 PM, Tino Wildenhain wrote:
> mario wrote:
>>
>> On Jan 3, 7:16 am, Steven D'Aprano wrote:
>>
>>> I was about to make a comment about this being a security hole,
>>
>> Strange that you say this, as you are also implying that *all* the
>> widely-used
mario wrote:
On Jan 3, 7:16 am, Steven D'Aprano wrote:
I was about to make a comment about this being a security hole,
Strange that you say this, as you are also implying that *all* the
widely-used templating systems for python are security holes... Well,
you would be right to say that of co
On Sat, 03 Jan 2009 04:14:14 -0800, mario wrote:
> On Jan 3, 7:16 am, Steven D'Aprano wrote:
[...]
>> I must say though, your choice of builtins to prohibit seems rather
>> arbitrary. What is dangerous about (e.g.) id() and isinstance()?
>
> Preventive, probably. I also feel
correction: the code posted in previous message should have been:
def __getitem__(self, expr):
    try:
        return eval(self.codes[expr], self.globals, self.locals)
    except:
        # We want to catch **all** evaluation errors!
        # KeyError, NameError, Attribu
On Jan 3, 7:16 am, Steven D'Aprano wrote:
> I was about to make a comment about this being a security hole,
Strange that you say this, as you are also implying that *all* the
widely-used templating systems for python are security holes... Well,
you would be right to say that of course ;-) In fact
On Fri, 02 Jan 2009 17:29:29 -0800, mario wrote:
> Hi,
>
> below is the essence of an expression evaluator, by means of a getitem
> lookup. The expression codes are compiled and cached -- the lookup is
> actually recursive, and the first time around it will always fail.
>
> import sys
> class
What do you mean by 'fail'?
you have;
:: self.codes = {}
so
:: try:
::     return eval(self.codes[expr], self.globals, self.locals)
will always return an exception the first time (if this is what you're
referring to).
--
http://mail.python.org/mailman/listinfo/python-list