On 11 November 2010 09:07, John Nagle <[email protected]> wrote:
>>> On 10.11.2010 18:56, Simon Mullis wrote:
>>> Yes, eval is evil, may lead to security issues and it's unnecessarily
>>> slow, too.
>
> If you have to use "eval", use the 2 or 3 argument form with a
> "globals" and "locals" dictionary. This lists the variables
> and functions that "eval" can see and touch.
>
> The Python documentation for this is not very good:
> "If the globals dictionary is present and lacks ‘__builtins__’, the current
> globals are copied into globals before expression is parsed. This means that
> expression normally has full access to the standard __builtin__ module and
> restricted environments are propagated."
>
> What this means is that you have to put in "__builtins__" to
> PREVENT all built-ins from being imported.
Aren't I already doing this?
>>> result = eval(xpath_command, {"__builtins__":[]},{"x": x})
SM
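
The behaviour discussed in this thread, as an added example that is not part of any poster's message: it shows (in Python 3) that `eval` injects the real built-ins when the globals dict lacks `__builtins__`, that an empty `__builtins__` dict hides them, and that attribute access on objects passed in still works. The helper `restricted_eval` and all sample values are hypothetical and constructed for illustration.

```python
import ast

def builtins_injected():
    """A globals dict without '__builtins__' gets the real built-ins added by eval()."""
    g = {}
    eval("1", g)
    return "__builtins__" in g

def builtin_reachable(globals_dict):
    """True if an expression run with globals_dict can still call len()."""
    try:
        eval("len('abc')", globals_dict, {})
        return True
    except NameError:
        return False

def attribute_still_reachable():
    """Empty built-ins do not stop attribute access on objects handed in."""
    return eval("x.__class__.__name__", {"__builtins__": {}}, {"x": [1]})

def restricted_eval(expression, names):
    """Hypothetical helper: allow only the given names, refuse any attribute
    starting with an underscore, then eval with empty built-ins."""
    tree = ast.parse(expression, mode="eval")
    for node in ast.walk(tree):
        if isinstance(node, ast.Name) and node.id not in names:
            raise ValueError("name not allowed: %s" % node.id)
        if isinstance(node, ast.Attribute) and node.attr.startswith("_"):
            raise ValueError("attribute not allowed: %s" % node.attr)
    code = compile(tree, "<expression>", "eval")
    return eval(code, {"__builtins__": {}}, dict(names))

if __name__ == "__main__":
    sample = {"x": [3, 1, 2]}  # constructed sample input
    print(builtins_injected())
    print(builtin_reachable({}), builtin_reachable({"__builtins__": {}}))
    print(attribute_still_reachable())
    print(restricted_eval("x[0] + x[2]", sample))
```

The name and attribute allowlist narrows what an expression can reach; it is not a sandbox. When only literals need to be parsed, `ast.literal_eval` avoids `eval` altogether.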