W. Martin Borgert wrote:
> Even if I limit the available commands? I use:
> eval(argument, {"__builtins__": None}, CalcMacro._localdict)
> _localdict contains some Python built-ins and math functions.

Yes, don't do that. There's currently no sensible way to make eval() safe (short of writing your own version). There was a kind of contest at some point where people tried to write arbitrary programs using only a single eval() (can't find the link ATM, but it was quite... enlightening). And no, there doesn't seem to be a way to restrict the available symbols. IIRC, you can always find a way to access __import__, which gives you access to all the rest.

-- Remy
