You're right. Didn't look closely enough at it on my phone. Still don't think I'd recommend this in a general solution, though. You effectively have to white-list code snippets. Not very useful.
On Nov 26, 2016 7:51 PM, "Michael Torrie" <torr...@gmail.com> wrote:

> On 11/26/2016 06:26 PM, Nathan Ernst wrote:
> > Sure, what if the input used a double quote instead of single, cursory
> > glance looks like it might be vulnerable.
>
> Either a single quote or a double quote would not pass the sanitizer. Or
> am I misunderstanding you?
> --
> https://mail.python.org/mailman/listinfo/python-list