Martin v. Löwis <mar...@v.loewis.de> added the comment: > But using non-__builtin__.str objects (such as UserString) would expose the > user to an attack?
Not necessarily: only if they use these strings as dictionary keys, and only if they do so in contexts where arbitrary user input is consumed. In these cases, users need to rewrite their code to replace the keys. Using dictionary wrappers (such as UserDict), this is possible using only local changes. ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue13703> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
