On Sun, Jan 4, 2009 at 6:46 PM, Tino Wildenhain t...@wildenhain.de wrote:
mario wrote:
On Jan 3, 7:16 am, Steven D'Aprano st...@remove-this-cybersource.com.au wrote:
I was about to make a comment about this being a security hole,
Strange that you say this, as you are also implying that
mario wrote:
On Jan 3, 7:16 am, Steven D'Aprano st...@remove-this-cybersource.com.au wrote:
I was about to make a comment about this being a security hole,
Strange that you say this, as you are also implying that *all* the
widely-used templating systems for python are security holes...
On Jan 3, 7:16 am, Steven D'Aprano st...@remove-this-cybersource.com.au wrote:
I was about to make a comment about this being a security hole,
Strange that you say this, as you are also implying that *all* the
widely-used templating systems for python are security holes... Well,
you would be
correction: the code posted in previous message should have been:
def __getitem__(self, expr):
    try:
        return eval(self.codes[expr], self.globals, self.locals)
    except:
        # We want to catch **all** evaluation errors!
        # KeyError, NameError,
On Sat, 03 Jan 2009 04:14:14 -0800, mario wrote:
On Jan 3, 7:16 am, Steven D'Aprano st...@remove-this-cybersource.com.au wrote:
[...]
I must say though, your choice of builtins to prohibit seems rather
arbitrary. What is dangerous about (e.g.) id() and isinstance()?
Preventive, probably.
What do you mean by 'fail'?
you have;
:: self.codes = {}
so
:: try:
::     return eval(self.codes[expr], self.globals, self.locals)
will always return an exception the first time (if this is what you're
referring to).
--
http://mail.python.org/mailman/listinfo/python-list
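An added example, not code from this thread: a defensive alternative to prohibiting individual builtins in an eval-based getitem evaluator is to check the parsed expression against an allowlist of syntax before it is compiled and cached. The class name, the allowlist and the `rejected` helper are assumptions made for illustration; the code targets Python 3 and does not bound CPU or memory use.

```python
import ast

# Assumed allowlist of expression syntax; attribute access, lambdas,
# comprehensions and subscripts are deliberately absent.
ALLOWED = (ast.Expression, ast.Constant, ast.Name, ast.Load, ast.BinOp,
           ast.UnaryOp, ast.BoolOp, ast.Compare, ast.IfExp, ast.Call,
           ast.List, ast.Tuple, ast.operator, ast.unaryop, ast.boolop,
           ast.cmpop)


class AllowlistEvaluator:
    """Hypothetical getitem-style evaluator: ev["a + b"] -> value."""

    def __init__(self, names, functions=None):
        self.names = dict(names)                 # variables visible to expressions
        self.functions = dict(functions or {})   # the only callables allowed
        self.codes = {}                          # expression text -> code object

    def _compile(self, expr):
        tree = ast.parse(expr, mode="eval")
        for node in ast.walk(tree):
            if not isinstance(node, ALLOWED) or isinstance(node, ast.Pow):
                raise ValueError("disallowed syntax: " + type(node).__name__)
            if isinstance(node, ast.Name) and node.id.startswith("_"):
                raise ValueError("disallowed name: " + node.id)
            if isinstance(node, ast.Call) and not (
                    isinstance(node.func, ast.Name)
                    and node.func.id in self.functions):
                raise ValueError("call to a function that is not allowlisted")
        return compile(tree, "<expression>", "eval")

    def __getitem__(self, expr):
        if expr not in self.codes:               # validate and compile once
            self.codes[expr] = self._compile(expr)
        scope = {"__builtins__": {}}             # no builtins by default
        scope.update(self.functions)
        return eval(self.codes[expr], scope, self.names)


def rejected(ev, expr):
    """Return True if the evaluator refuses expr before evaluating it."""
    try:
        ev[expr]
    except ValueError:
        return True
    return False
```

Expressions that fail validation are never compiled, so they never enter the cache.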
On Fri, 02 Jan 2009 17:29:29 -0800, mario wrote:
Hi,
below is the essence of an expression evaluator, by means of a getitem
lookup. The expression codes are compiled and cached -- the lookup is
actually recursive, and the first time around it will always fail.
import sys
class