Ant wrote:
> So how do python app's typically embed python? For example things like
> Zope and idle are scripted using Python - presumably they restrict the
> execution of the scripts to a restricted set of modules/objects - but
> how is this done?
why? anyone capable of adding code to idle alre
> As Fredrik points out, embedded Python isn't the same as running
> untrusted code. The reality is, Python has not been designed for running
> untrusted code safely.
So how do python app's typically embed python? For example things like
Zope and idle are scripted using Python - presumably they r
Fredrik Lundh <[EMAIL PROTECTED]> wrote:
>Ant wrote:
>> It seems that there must be a way to use eval safely, as there are
>> plenty of apps that embed python as a scripting language - and what's
>> the point of an eval function if impossible to use safely, and you have
>> to write your own Python
On Fri, 07 Jul 2006 09:39:38 -0700, Ant wrote:
>
>> [('recId', 3), ('parse', {'pos': u'np', 'gen': u'm'})]
>> [('recId', 5), ('parse', {'pos': u'np', 'gen': u'm'})]
>> # line injected by a malicious user
>> "__import__('os').system('echo if I were bad I could do worse')"
>> [('recId', 7 ), ('pars
On Fri, 07 Jul 2006 19:57:02 +0200, Fredrik Lundh wrote:
> Steven D'Aprano wrote:
>
>> Personally, I would never use eval on any string I didn't write myself. If
>> I was thinking about evaluating a user-string, I would always write a
>> function to parse the string and accept only the specific s
Steven D'Aprano wrote:
> Personally, I would never use eval on any string I didn't write myself. If
> I was thinking about evaluating a user-string, I would always write a
> function to parse the string and accept only the specific sort of data I
> expected. In your case, a quick-and-dirty unteste
Ant wrote:
> It seems that there must be a way to use eval safely, as there are
> plenty of apps that embed python as a scripting language - and what's
> the point of an eval function if impossible to use safely, and you have
> to write your own Python parser!!
embedding python != accepting scrip
> [('recId', 3), ('parse', {'pos': u'np', 'gen': u'm'})]
> [('recId', 5), ('parse', {'pos': u'np', 'gen': u'm'})]
> # line injected by a malicious user
> "__import__('os').system('echo if I were bad I could do worse')"
> [('recId', 7 ), ('parse', {'pos': u'np', 'gen': u'm'})]
I'm curious, if you
On Thu, 06 Jul 2006 03:34:32 -0700, manstey wrote:
> Hi,
>
> I have a text file called a.txt:
>
> # comments
> [('recId', 3), ('parse', {'pos': u'np', 'gen': u'm'})]
> [('recId', 5), ('parse', {'pos': u'np', 'gen': u'm'})]
> [('recId', 7 ), ('parse', {'pos': u'np', 'gen': u'm'})]
>
> I read it
> hint 1:
hint 1b:
>>> eval("[('recId', 3), ('parse', {'pos': u'np', 'gen': u'm'})]")
[('recId', 3), ('parse', {'pos': u'np', 'gen': u'm'})]
>>> eval("[('recId', 3), ('parse', {'pos': u'np', 'gen': u'm'})]\n")
[('recId', 3), ('parse', {'pos': u'np', 'gen': u'm'})]
>>> eval("[('recId', 3), ('parse
manstey schreef:
> Hi,
>
> I have a text file called a.txt:
>
> # comments
> [('recId', 3), ('parse', {'pos': u'np', 'gen': u'm'})]
> [('recId', 5), ('parse', {'pos': u'np', 'gen': u'm'})]
> [('recId', 7 ), ('parse', {'pos': u'np', 'gen': u'm'})]
>
> I read it using this:
>
> filAnsMorph = code
"manstey" <[EMAIL PROTECTED]> wrote:
> That doesn't work. I just get an error:
>
>x = eval(line.strip('\n'))
> File "", line 1
> [('recId', 3), ('parse', {'pos': u'np', 'gen': u'm'})]
>
> SyntaxError: unexpected EOF while parsing
>
> any other ideas?
hint 1:
>>> eval("[('recId', 3), ('p
manstey wrote:
> That doesn't work. I just get an error:
>
> x = eval(line.strip('\n'))
>File "", line 1
> [('recId', 3), ('parse', {'pos': u'np', 'gen': u'm'})]
>
> SyntaxError: unexpected EOF while parsing
>
is the last line of your file empty ??
what with
for line in filA
That doesn't work. I just get an error:
x = eval(line.strip('\n'))
File "", line 1
[('recId', 3), ('parse', {'pos': u'np', 'gen': u'm'})]
SyntaxError: unexpected EOF while parsing
any other ideas?
Bruno Desthuilliers wrote:
> manstey wrote:
> > Hi,
> >
> > I have a text file called
manstey wrote:
> Hi,
>
> I have a text file called a.txt:
>
> # comments
> [('recId', 3), ('parse', {'pos': u'np', 'gen': u'm'})]
> [('recId', 5), ('parse', {'pos': u'np', 'gen': u'm'})]
> [('recId', 7 ), ('parse', {'pos': u'np', 'gen': u'm'})]
>
> I read it using this:
>
> filAnsMorph = codecs
Hi,
I have a text file called a.txt:
# comments
[('recId', 3), ('parse', {'pos': u'np', 'gen': u'm'})]
[('recId', 5), ('parse', {'pos': u'np', 'gen': u'm'})]
[('recId', 7 ), ('parse', {'pos': u'np', 'gen': u'm'})]
I read it using this:
filAnsMorph = codecs.open('a.txt', 'r', 'utf-8') # Initiali
16 matches
Mail list logo
