RetroSearch Browse

Home - News ( United States | United Kingdom | Italy | Germany ) - Football scores

Showing content from https://mail.python.org/pipermail/python-dev/2002-January/019518.html below:

[Python-Dev] PEP_215_ (string interpolation) alternative EvalDict

[Python-Dev] PEP_215_ (string interpolation) alternative EvalDict [Python-Dev] PEP_215_ (string interpolation) alternative EvalDictJason Orendorff jason@jorendorff.com
Tue, 15 Jan 2002 20:53:08 -0600

Previous message: [Python-Dev] PEP_215_ (string interpolation) alternative EvalDict
Next message: [Python-Dev] PEP_215_ (string interpolation) alternative EvalDict
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> But your example suggests to me:
> 
> >>> input('?: ')
> ?: $'$os.system("rm -rm *" )'
> 
> I guess you need to special case that out of the compiler also.
> ( Are there any others lurking about ? )

The user could just as well type
  ?: os.system("rm -rf *")
and save some keystrokes.

input() is totally insecure.  Always has been.  Nothing new here.

## Jason Orendorff    http://www.jorendorff.com/

Previous message: [Python-Dev] PEP_215_ (string interpolation) alternative EvalDict
Next message: [Python-Dev] PEP_215_ (string interpolation) alternative EvalDict
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

RetroSearch is an open source project built by @garambo | Open a GitHub Issue

Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo

HTML: 3.2 | Encoding: UTF-8 | Version: 0.7.4