On Mon, 2007-10-08 at 21:19 +0200, Tor Erik Sønvisen wrote:
> Hi,
> 
> I've tried locating some code that can recreate an object from its
> string representation...
> The object in question is really a dictionary containing other
> dictionaries, lists, unicode strings, floats, ints, None, and
> booleans.
> 
> I don't want to use eval, since I can't trust the source sending the
> object.

You could still use eval, but run a separate algorithm first to make
sure the string is "legal." For example, you could whip up a simple
PyParsing grammar to restrict the set of allowable strings, or compile
the string into byte code and inspect the byte code to look for red
flags like LOAD_NAME (with a name other than None) and CALL_FUNCTION.

HTH,

-- 
Carsten Haese
http://informixdb.sourceforge.net


-- 
http://mail.python.org/mailman/listinfo/python-list
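
An added example, not part of the original messages: a validation pass of the kind the reply describes, run before eval. It swaps in Python 3's ast module with an allowlist of node types in place of a PyParsing grammar or bytecode inspection; the names safe_eval, UnsafeLiteral and MAX_LEN and the sample string are assumptions of this example.

```python
import ast

MAX_LEN = 100_000  # assumed size cap for one untrusted message
_SCALARS = (str, int, float, bool, type(None))


class UnsafeLiteral(ValueError):
    """The string is not a plain dict/list/scalar literal."""


def _check(node):
    """Recursively accept only the node shapes a data literal needs."""
    if isinstance(node, ast.Constant):
        if not isinstance(node.value, _SCALARS):  # bytes, complex, Ellipsis
            raise UnsafeLiteral(f"{type(node.value).__name__} constant")
    elif isinstance(node, ast.UnaryOp):
        # Signed numbers parse as UnaryOp(USub, Constant); allow only that.
        if not (isinstance(node.op, (ast.USub, ast.UAdd))
                and isinstance(node.operand, ast.Constant)
                and type(node.operand.value) in (int, float)):
            raise UnsafeLiteral("unary operator on a non-number")
    elif isinstance(node, ast.List):
        for item in node.elts:
            _check(item)
    elif isinstance(node, ast.Dict):
        for key, value in zip(node.keys, node.values):
            # key is None for {**other}; list/dict keys are unhashable.
            if key is None or isinstance(key, (ast.List, ast.Dict)):
                raise UnsafeLiteral("dict unpacking or unhashable key")
            _check(key)
            _check(value)
    else:
        # Name, Call, Attribute, Subscript, BinOp, Lambda, f-strings, ...
        raise UnsafeLiteral(f"{type(node).__name__} node not allowed")


def safe_eval(text):
    """Validate `text`, then eval it with no builtins and no names."""
    if len(text) > MAX_LEN:
        raise UnsafeLiteral("input too long")
    try:
        tree = ast.parse(text, mode="eval")
    except (SyntaxError, ValueError, RecursionError, MemoryError) as exc:
        raise UnsafeLiteral(f"unparsable: {exc}") from None
    _check(tree.body)
    return eval(compile(tree, "<untrusted>", "eval"), {"__builtins__": {}}, {})


# Constructed sample input in the shape the question describes.
SAMPLE = "{u'name': u'Tor', 'ratio': -1.5, 'tags': [1, None, True], 'in': {'n': 3}}"
```

Anything outside the allowlist raises UnsafeLiteral before eval is reached, so the caller handles one exception type for both malformed and disallowed input.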
