Quoting "Remy Blank" <remy.bl...@pobox.com>:
Yes, don't do that. There's currently no sensible way to make eval() safe (short of writing your own version).
I see.
IIRC, you can always find a way to access __import__, which gives you access to all the rest.
At least the naive way is blocked:
eval("__import__()", {"__builtins__": None})
Traceback (most recent call last): File "<stdin>", line 1, in <module> File "<string>", line 1, in <module> NameError: name '__import__' is not defined Anyway, I will look into a PyParsing based solution. Still, I'm more than curious to learn how to break eval(), but this a Python issue, not a Trac one. -- You received this message because you are subscribed to the Google Groups "Trac Users" group. To post to this group, send email to trac-us...@googlegroups.com. To unsubscribe from this group, send email to trac-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/trac-users?hl=en.