Michael Spencer wrote:

> * this means that, eval("sys.exit()") will likely stop your
> interpreter, and
> there are various other inputs with possibly harmful consequences.
>
> Concerns like these may send you back to your original idea of doing
> your own expression parsing.

I use something along these lines:

def safe_eval(expr, symbols={}):
    return eval(expr, dict(__builtins__=None, True=True, False=False), symbols)

import math
def calc(expr):
    return safe_eval(expr, vars(math))

>>> calc("2+3*(4+5)*(7-3)**2")
434
>>> calc("sin(pi/2)")
1.0
>>> calc("sys.exit()")
Traceback (most recent call last):
  File "<stdin>", line 1, in ?
  File "<stdin>", line 2, in calc
  File "<stdin>", line 2, in safe_eval
  File "<string>", line 0, in ?
NameError: name 'sys' is not defined
>>> calc("0x1000 | 0x0100")
4352

-- 
Giovanni Bajo
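An added example, not part of the original post: the "own expression parsing" route mentioned in the quoted text, written for Python 3 with the `ast` module and an explicit whitelist. The name whitelist, `MAX_LEN` and `MAX_POW_BITS` are assumptions chosen for illustration; unlike the `eval`-based version, this one also rejects attribute access and oversized integer powers.

```python
import ast
import math
import operator

# Whitelisted operators; any other node type in the parsed tree is rejected.
_BINOPS = {
    ast.Add: operator.add, ast.Sub: operator.sub, ast.Mult: operator.mul,
    ast.Div: operator.truediv, ast.Mod: operator.mod, ast.Pow: operator.pow,
    ast.BitOr: operator.or_, ast.BitAnd: operator.and_, ast.BitXor: operator.xor,
}
_UNARYOPS = {ast.USub: operator.neg, ast.UAdd: operator.pos}
# Explicit name whitelist (assumed; narrower than vars(math) in the post).
_NAMES = {n: getattr(math, n) for n in "sin cos tan sqrt log exp pi e".split()}
MAX_LEN = 200        # assumed cap on expression length
MAX_POW_BITS = 4096  # assumed cap on the bit size of an integer power


def _ev(node):
    if isinstance(node, ast.Constant) and type(node.value) in (int, float):
        return node.value
    if isinstance(node, ast.Name) and node.id in _NAMES:
        return _NAMES[node.id]
    if isinstance(node, ast.BinOp) and type(node.op) in _BINOPS:
        left, right = _ev(node.left), _ev(node.right)
        # Estimate the result size before computing, so "9**9**9" is refused.
        if (isinstance(node.op, ast.Pow) and isinstance(left, int)
                and isinstance(right, int)
                and left.bit_length() * right > MAX_POW_BITS):
            raise ValueError("power result too large")
        return _BINOPS[type(node.op)](left, right)
    if isinstance(node, ast.UnaryOp) and type(node.op) in _UNARYOPS:
        return _UNARYOPS[type(node.op)](_ev(node.operand))
    # Calls are allowed only on a bare whitelisted name, never on an attribute.
    if (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
            and not node.keywords):
        func = _ev(node.func)
        if callable(func):
            return func(*[_ev(arg) for arg in node.args])
    raise ValueError("disallowed syntax: " + type(node).__name__)


def calc(expr):
    if len(expr) > MAX_LEN:
        raise ValueError("expression too long")
    return _ev(ast.parse(expr, mode="eval").body)
```

The four inputs from the session above give 434, 1.0, a `ValueError` for `sys.exit()`, and 4352.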