Terry J. Reedy <tjre...@udel.edu> added the comment: It has been some time since literal_eval literally only evaluated literals. 'constant_eval' might be a better name now, with the proviso of 'safely, in reasonable time'.
>>> from ast import literal_eval as le >>> le('(1,2,3)') (1, 2, 3) >>> le('(1,2, (3,4))') (1, 2, (3, 4)) I believe there was once a time when a simple tuple would be evaluated, while a nested one would not be. "It is not capable of evaluating arbitrarily complex expressions, for example involving operators or indexing." I do not read this as prohibiting all operators, but rather that now all will be accepted. >>> le(2**2) ... ValueError: malformed node or string: 4 Exponentiation of ints can take exponential time and can be used for denial of service attacks. >>> le('2017-10-10') 1997 This is correct. For '2017-10-10' to be a string representing a date, it must be quoted as a string in the code. >>> le("'2017-10-10'") '2017-10-10' Rolling back previous enhancements would break existing code, so a deprecation period would be required. But I would be inclined to instead update the doc to match the updated code better. Lets see what others think. ---------- nosy: +benjamin.peterson, brett.cannon, ncoghlan, terry.reedy, yselivanov type: behavior -> enhancement versions: -Python 3.4, Python 3.5, Python 3.6 _______________________________________ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue31778> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com