Bill Campbell wrote:
On Thu, Feb 07, 2008, Stefano Guglia wrote:
hello!

I converted a dictionary in a string, and now I need to change back the
same string as a dictionary in a zope python script.

s = repr(d)
newdict = eval(s)

NO!

Never ever ever eval strings. At some point you will end up eval'ing an user-supplied string and hey presto - instant massive security vulnerability.

The original post is a bit crap, since no mention was made as to how the dict was turned into a string. As to what he wants to do with this and why he's doing it, that's likely the source of the real problem!

cheers,

Chris

--
Simplistix - Content Management, Zope & Python Consulting
           - http://www.simplistix.co.uk
_______________________________________________
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )

Reply via email to