Bob Gailer wrote:
> Alan Gauld wrote:

>> input() by contrast reads the string input by the user and tries 
>> to evaluate it as a Python expression. Thus if the user typed
>>
>> import os;os.system('format c:\')
>>   
> Err... are you confusing eval with exec?
> 
> input([prompt])
> 
>     Equivalent to eval(raw_input(prompt)). 

Yes, he is, but it doesn't matter; how about
__import__('os').system('format c:\')
?

See the many discussions about safe eval on comp.lang.python for more 
examples of evil things you can do with eval.

Kent

_______________________________________________
Tutor maillist  -  [email protected]
http://mail.python.org/mailman/listinfo/tutor
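
The statement-versus-expression distinction from this thread, as an added example that is not part of the original posts: each constructed sample is compiled in eval mode without being run, then parsed with `ast.literal_eval`, which accepts only literals. It is written for Python 3, where `raw_input()` is named `input()`; the function names `classify` and `read_value` and the sample strings are assumptions made for the illustration.

```python
import ast

# Errors ast.literal_eval can raise on input that is not a plain literal.
_LITERAL_ERRORS = (ValueError, SyntaxError, TypeError, MemoryError, RecursionError)


def classify(text):
    """Return (eval_accepts, is_literal) for one line of input, executing nothing."""
    # eval() takes expressions only, so compiling in 'eval' mode tells us
    # whether eval() would go on to run the text. compile() does not run it.
    try:
        compile(text, "<user input>", "eval")
        eval_accepts = True
    except SyntaxError:
        eval_accepts = False
    # literal_eval() walks the parsed tree and allows only literal nodes:
    # numbers, strings, bytes, tuples, lists, dicts, sets, booleans, None.
    try:
        ast.literal_eval(text)
        is_literal = True
    except _LITERAL_ERRORS:
        is_literal = False
    return eval_accepts, is_literal


def read_value(text):
    """Replacement for eval(raw_input()): parse a literal or raise ValueError."""
    try:
        return ast.literal_eval(text.strip())
    except _LITERAL_ERRORS:
        raise ValueError("input is not a plain Python literal: %r" % text)


# Constructed sample inputs; the command string is a harmless placeholder.
SAMPLES = [
    "42",
    "[1, 2.5, 'abc']",
    "import os; os.system('echo hi')",     # a statement: eval() refuses it
    "__import__('os').system('echo hi')",  # an expression: eval() would run it
]

if __name__ == "__main__":
    for sample in SAMPLES:
        eval_accepts, is_literal = classify(sample)
        print("%-40r eval accepts: %-5s literal: %s" % (sample, eval_accepts, is_literal))
```
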
