Author: Carl Friedrich Bolz <[email protected]>
Branch:
Changeset: r85552:7f5d1ceedd1d
Date: 2016-07-05 08:29 +0200
http://bitbucket.org/pypy/pypy/changeset/7f5d1ceedd1d/
Log: don't use eval on user input
diff --git a/dotviewer/graphparse.py b/dotviewer/graphparse.py
--- a/dotviewer/graphparse.py
+++ b/dotviewer/graphparse.py
@@ -85,10 +85,11 @@
pass
def splitline(line, re_word = re.compile(r'[^\s"]\S*|["]["]|["].*?[^\\]["]')):
+ import ast
result = []
for word in re_word.findall(line):
if word.startswith('"'):
- word = eval(word)
+ word = ast.literal_eval(word)
result.append(word)
return result
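Review bot: `ast.literal_eval(word)` in the `word.startswith('"')` branch still raises on a token that the regex accepts but that is not a valid Python string literal, for example one with a malformed escape sequence. Nothing in the hunk catches that, so malformed graph input would end the parse with a raw `ValueError` or `SyntaxError`. Wrapping that one call in `try:` / `except (ValueError, SyntaxError):` and either re-raising a parse-specific error or keeping the raw token would make the failure explicit; which is right depends on callers outside the hunk. The function-scope `import ast` would read better in the module's import block, which is not visible here. A comment such as `# literal_eval: decode the quoted token without executing it` above the call would record why `eval` must not return.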