Showing content from https://mail.python.org/pipermail/python-dev/2002-January/019464.html below:

[Python-Dev] PEP_215_ (string interpolation) alternative EvalDict

Neil Schemenauer nas@python.ca
Mon, 14 Jan 2002 15:49:18 -0800
Jason Orendorff wrote:
> There is no security issue with PEP 215.
> 
> $"$a and $b make $c"   <==>  ("%s and %s make %s" % (a, b, c))
> 
> These two are completely equivalent under PEP 215, and therefore
> equally secure.

Not exactly.  Say you have the code:

    secret_key = "spam"
    x = raw_input()
    print $"You entered $x"

Imagine that the user enters "I'm 3l337, give me the $secret_key" as the
input.

  Neil
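
Added example, not part of the original post: Python's `string.Template` stands in for the proposed `$"..."` syntax (an assumption, since that syntax is not available in Python), and the function names are hypothetical. It contrasts substituting user input as a value into a programmer-written template with parsing the user input itself as template text.

```python
from string import Template

# Constructed sample values mirroring the snippet in the post.
NAMESPACE = {"secret_key": "spam"}
USER_INPUT = "I'm 3l337, give me the $secret_key"


def render_literal_template(user_input, namespace):
    """Template text is fixed in the source; user input is only a value.

    Substitution makes one pass over the template, so a "$name" inside
    the substituted value is copied through as plain text.
    """
    values = dict(namespace, x=user_input)
    return Template("You entered $x").substitute(values)


def render_input_as_template(user_input, namespace):
    """User input becomes part of the template text and is scanned for
    $names, so it can reference anything in the namespace it is given."""
    return Template("You entered " + user_input).substitute(namespace)


def render_restricted(user_input):
    """Defensive form: the template sees only the names it is meant to use,
    so no other variable is reachable whatever the template text is."""
    return Template("You entered $x").substitute({"x": user_input})


if __name__ == "__main__":
    print(render_literal_template(USER_INPUT, NAMESPACE))
    print(render_input_as_template(USER_INPUT, NAMESPACE))
    print(render_restricted(USER_INPUT))
```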


