Wildemar Wildenburger wrote:
> Steve Lianoglou wrote:
> > Delaney, Timothy (Tim) wrote:
> >> This is just asking for trouble.
> >>
> >> my_list = eval('import shutil; shutil.rmtree('/')')
> >
> > Hah .. wow.
> >
> > And in related news: you still shouldn't be taking candy from
> > strangers.
> >
> > Point well taken. Thanks for flagging that one.
>
> Heck, whenever *is* it OK to use eval() then?

1. When you deliberately want to give the user power to run Python code.
   (For example, I've written an HTML generator--who hasn't--that uses
   eval and exec to expand in-line Python code. Perfectly ok as long as
   you don't let untrusted users run the program.)

2. When you construct Python code within your program using no untrusted
   data.

Carl Banks
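
For the case the thread warns about, where the string comes from an untrusted source, here is an added example (not part of the original thread) that parses a list literal with the standard library's `ast.literal_eval` instead of `eval()`. The helper names, the size cap and the sample inputs are constructed for illustration.

```python
import ast

MAX_LEN = 10_000  # assumed cap on input size, to bound parser work

def parse_list(text):
    """Parse untrusted text as a Python list literal without executing it."""
    if len(text) > MAX_LEN:
        raise ValueError("input too long")
    try:
        # literal_eval accepts only literals (numbers, strings, lists, dicts, ...)
        value = ast.literal_eval(text.strip())
    except (ValueError, SyntaxError, MemoryError, RecursionError) as exc:
        raise ValueError("not a Python literal: %s" % type(exc).__name__)
    if not isinstance(value, list):
        raise ValueError("expected a list, got %s" % type(value).__name__)
    return value

def classify(samples):
    """Map each input string to ('ok', value) or ('rejected', reason)."""
    results = {}
    for text in samples:
        try:
            results[text] = ("ok", parse_list(text))
        except ValueError as exc:
            results[text] = ("rejected", str(exc))
    return results

# Constructed inputs: a list, a non-list literal, an expression with a
# (harmless) side effect, and a statement.
SAMPLES = [
    "[1, 2, 'three']",
    "{'a': 1}",
    "side_effects.append('ran') or [1, 2]",
    "import os",
]

side_effects = []

def eval_runs_code():
    """Show that eval() executes the third sample instead of only parsing it."""
    side_effects.clear()
    result = eval(SAMPLES[2], {"side_effects": side_effects})
    return result, list(side_effects)

if __name__ == "__main__":
    for text, outcome in classify(SAMPLES).items():
        print(repr(text), "->", outcome)
    print("eval:", eval_runs_code())
```
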