Chris Lambacher wrote: > On Wed, Aug 09, 2006 at 11:51:19AM -0400, Brendon Towle wrote: > > On 9 Aug 2006, at 11:04 AM, Chris Lambacher wrote: > > > > How is your data stored? (site was not loading for me). > > > > In the original source HTML, it's like this (I've deleted all but the > > beginning and the end of the list for clarity): > > var table_body = [ > > ["ATVI", "Activision, Inc.",12.75,0.150000,1.19,2013762,0.04,"N","N"] > > ,["YHOO", "Yahoo! Inc.",27.7,0.260000,0.95,6348884,0.21,"N","N"] > > ]; > I didn't realize it was javascript syntax, a json implimentation would > probably work for you: http://cheeseshop.python.org/pypi/simplejson > > > > > More sophisiticated situations (like nested lists) may require > > something > > like pyparsing. > > > > I could do that, or I could do something like the re.* trick mentioned by > > another poster. But, doesn't it offend anyone else that the only clean > > way > > to access functionality that's already in Python is to write long > > complicated Python code? Python already knows how to extract a list > > object > > from a string; why should I have to rewrite that? > I don't disagree with you. The problem is that the obvious way to do it > (eval) is a big security hole. In this case you are trusting that no one > inserts themselves between you and the website providing you with code to > EXECUTE. I have heard of people attempting to use the parser provided with > python and examining the AST to do this, but I think that approach is even > more complicated. > > B. > > > > On Wed, Aug 09, 2006 at 10:23:49AM -0400, Brendon Towle wrote: > > > > Slawomir Nowaczyk noted: > > #> Heck, whenever *is* it OK to use eval() then? > > eval is like optimisation. There are two rules: > > Rule 1: Do not use it. > > Rule 2 (for experts only): Do not use it (yet). > > So, that brings up a question I have. I have some code that goes > > out to a > > website, grabs stock data, and sends out some reports based on the > > data. > > Turns out that the website in question stores its data in the > > format of a > > Python list > > ([1][1]http://quotes.nasdaq.com/quote.dll?page=nasdaq100, search > > the source for "var table_body"). So, the part of my code that > > extracts > > the data looks something like this: > > START_MARKER = 'var table_body = ' > > END_MARKER = '];' > > def extractStockData(data): > > pos1 = data.find(START_MARKER) > > pos2 = data.find(END_MARKER, pos1) > > return eval(data[pos1+len(START_MARKER):END_MARKER]) > > (I may have an off-by-one error in there somewhere -- this is from > > memory, > > and the code actually works.) > > My question is: what's the safe way to do this? > > B. > > -- > > Brendon Towle, PhD > > Cognitive Scientist > > +1-412-690-2442x127 > > Carnegie Learning, Inc. > > The Cognitive Tutor Company ® > > Helping over 375,000 students in 1000 school districts succeed in > > math. > > References > > Visible links > > 1. [2]http://quotes.nasdaq.com/quote.dll?page=nasdaq100 > > > > -- > > [3]http://mail.python.org/mailman/listinfo/python-list > > > > -- > > Brendon Towle, PhD > > Cognitive Scientist > > +1-412-690-2442x127 > > Carnegie Learning, Inc. > > The Cognitive Tutor Company ® > > Helping over 375,000 students in 1000 school districts succeed in math. > > > > References > > > > Visible links > > 1. http://quotes.nasdaq.com/quote.dll?page=nasdaq100 > > 2. http://quotes.nasdaq.com/quote.dll?page=nasdaq100 > > 3. http://mail.python.org/mailman/listinfo/python-list
Fredrik Lundh posted a great piece of code to parse a subset of python safely: http://groups.google.ca/group/comp.lang.python/browse_frm/thread/8e427c5e6da35c/a34397ba74892b4e Peace, ~Simon -- http://mail.python.org/mailman/listinfo/python-list