On 9 Aug 2006, at 12:03 PM, [EMAIL PROTECTED] wrote:


    Brendon> I could do that, or I could do something like the re.* trick
    Brendon> mentioned by another poster. But, doesn't it offend anyone else
    Brendon> that the only clean way to access functionality that's already
    Brendon> in Python is to write long complicated Python code? Python
    Brendon> already knows how to extract a list object from a string; why
    Brendon> should I have to rewrite that?

Doesn't bother me at all.  One, it's not actually Python code, it's
_javascript_.  It's just serendipity that the table can be parsed as a Python
list.  Two, there's nothing to prevent the authors from changing the
formatting in an incompatible way in the future.

I think that these are actually the same reason, and can be safely ignored, because item 2 is true no matter what method I use to parse the data. Sure, it's serendipity, but that happens to be the hand I'm dealt at the moment; why not exploit the serendipity?


  Three, it's completely
untrusted input and shouldn't be fed to eval(). 

This is the crucial point, and the reason I asked the question to begin with.

Lisp (which I'm used to) has the read-eval-print loop; I think that my confusion was because:

1. Python's eval(X) is essentially the same as Lisp's (eval (read-from-string X)), not Lisp's (eval X) or Lisp's (read-from-string X);
2. The '[' character that begins a list should actually be read as a function call, not a data delimiter. (Which, in the context of list comprehensions, makes a lot of sense as I think about it.)


Four, it's not actually
complicated code (using the csv module would probably be simpler).

I'll look into the csv module.

And, it may not be complicated on an absolute scale, but Chris' re.* method turned one line of code into about 15; that's certainly a non-trivial increase in complexity.


Five, you have to stop thinking of it a "list
object".  It's just a string of bytes which happens at this point in time to
intersect with the definition of a Python list.  You're trying to wish it
was something that it's not.

I must be confused here. If I call the following function:

  eval('[1, 2, 3]')

what does that function call return, if not a list object?

Sure, the string isn't a list object; it's a string of bytes that happens to be syntactically identical to the definition of a list in python code. I was hoping for a clean and safe way to exploit that identical-ness; apparently, all the clean ways are unsafe, and all the safe ways are unclean.


B.


--
Brendon Towle, PhD
Cognitive Scientist
+1-412-690-2442x127
Carnegie Learning, Inc.
The Cognitive Tutor Company ®
Helping over 375,000 students in 1000 school districts succeed in math.


-- 
http://mail.python.org/mailman/listinfo/python-list

Reply via email to