On 20/06/13 03:38, Steven D'Aprano wrote:
On 20/06/13 10:21, Devin Jeanpierre wrote:

they're doing -- it omits things like advice to do with security,
including neglecting to declare that functions are not safe and can
execute arbitrary Python code,

I think it is perfectly acceptable for the Python documentation to
assume that anyone reading it will understand that calling a function
executes code.

I took it that Devin was referring to specific functions such as
v2.x input() that execute or evaluate the input parameters
as arbitrary code. I don't think he meant the fact that functions in general execute code.

eg. Help on input() says:

Help on built-in function input in module __builtin__:

input(...)
    input([prompt]) -> value

    Equivalent to eval(raw_input(prompt)).
(END)

There is no explicit mention that it is insecure or that it will execute its input argument as code, other than the reference to eval(), which a beginner might not understand.

--
Alan G
Author of the Learn to Program web site
http://www.alan-g.me.uk/
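
The behaviour discussed in the message above, as an added example that is not part of the original post. It is written for Python 3, where `input()` returns a string, so the Python 2 behaviour from the help text is emulated with `eval()`; the names `py2_style_input`, `literal_input`, `record` and the sample lines are constructed for illustration.

```python
import ast

AUDIT_LOG = []  # collects side effects so code execution is observable


def record(msg):
    """Stand-in for any function reachable from the evaluated text."""
    AUDIT_LOG.append(msg)
    return 42


def py2_style_input(typed_text):
    """Emulate Python 2 input(): eval() whatever the user typed."""
    return eval(typed_text)  # deliberately unsafe: the behaviour under discussion


def literal_input(typed_text):
    """Accept only literals (numbers, strings, lists, dicts); never run code."""
    try:
        return ast.literal_eval(typed_text.strip())
    except (ValueError, SyntaxError) as exc:
        raise ValueError("not a plain literal: %r" % typed_text) from exc


# Constructed sample "keyboard input" lines; the last one is a function call.
SAMPLES = ["42", "[1, 2, 3]", "record('ran during input')"]


def compare(samples):
    """Feed each line to both readers and return (text, eval result, literal result)."""
    results = []
    for text in samples:
        unsafe = py2_style_input(text)  # the call in the third sample runs here
        try:
            safe = literal_input(text)
        except ValueError:
            safe = "REJECTED"
        results.append((text, unsafe, safe))
    return results


if __name__ == "__main__":
    for text, unsafe, safe in compare(SAMPLES):
        print("%-28r eval -> %-10r literal_eval -> %r" % (text, unsafe, safe))
    print("side effects:", AUDIT_LOG)
```

In Python 2 itself, `raw_input()` is the call that returns the typed text as a string without evaluating it.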
