On 2017-11-07 08:29 AM, אלעזר wrote:
Hi,
The dangers of eval and exec are obvious and well known to advanced
users, but the availability as built-in functions makes it too
tempting for beginners or even medium-level programmers. You can see
questions about these functions pretty often in stackoverflow (roughly
once a day
<https://stackoverflow.com/search?tab=newest&q=eval%20python>, though
sometimes the uses are legitimate).
Maybe we could start a ten-year process of deprecating the use of
`builtins.eval` (in the docs, and then with warnings)? `builtins.eval`
will be a wrapper to the real evaluation function, moved to
`unsafe.eval` or something obvious like that, so all you need to do to
port your code is to add `from unsafe import unsafe_eval as eval,
unsafe_exec as exec` at the top of the file; it will be a nice warning
to the reader.
The fact that it is a wrapper will slightly slow it down and make the
stack traces noisier - both are good things, IMO.
Also, it is unfortunate that `ast.literal_eval` is less accessible
than `builtins.eval`. Giving it an alias in builtins might make it
easier for programmers (and less scary - "ast" might sound like I need
a PhD to use it).
What do you think?
Please don't!
exec("def one(x):\n [r] = x\n return r") # who says python doesn't have one-liners?
(ofc, some would argue you should use:
one = (lambda x: (lambda y: y)(*x))
but I digress)
Elazar
_______________________________________________
Python-ideas mailing list
Python-ideas@python.org
https://mail.python.org/mailman/listinfo/python-ideas
Code of Conduct: http://python.org/psf/codeofconduct/
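
To make the two ideas in the quoted proposal concrete, here is an added example (not code from this thread or from CPython): a warning wrapper around `eval`, and `ast.literal_eval` used to accept only literals. The names `warning_eval`, `parse_literal` and `demo_caller_scope` are hypothetical, the sample inputs are constructed, and no `unsafe` module exists in the standard library.

```python
import ast
import builtins
import sys
import warnings

_real_eval = builtins.eval  # the genuine built-in, kept for delegation


def warning_eval(source, globals=None, locals=None):
    """Hypothetical wrapper: warn, then delegate to the real eval()."""
    if globals is None:
        # A pure-Python wrapper adds a frame, so the caller's namespaces
        # must be looked up explicitly to keep eval()'s default behaviour.
        caller = sys._getframe(1)
        globals = caller.f_globals
        if locals is None:
            locals = caller.f_locals
    warnings.warn(
        "eval() executes arbitrary code; use ast.literal_eval() for literals",
        DeprecationWarning,
        stacklevel=2,
    )
    return _real_eval(source, globals, locals)


def parse_literal(text):
    """Return (True, value) for a pure literal, else (False, error name)."""
    try:
        return True, ast.literal_eval(text)
    except (ValueError, TypeError, SyntaxError, MemoryError, RecursionError) as exc:
        return False, type(exc).__name__


def demo_caller_scope():
    local_value = 20  # visible to the wrapper only through the caller frame
    return warning_eval("local_value + 1")


# Constructed sample inputs: one literal, two expressions that need evaluation.
SAMPLES = ["[1, 2, {'a': (3, 4)}]", "len('abc')", "2 ** 8"]

if __name__ == "__main__":
    for text in SAMPLES:
        print(repr(text), "->", parse_literal(text))
    print("wrapper, caller locals:", demo_caller_scope())
```

The frame lookup is the part a naive wrapper gets wrong: without it, an expression that names the caller's variables fails with `NameError` once `eval` is wrapped.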