Michael Spencer wrote:
> * this means that, eval("sys.exit()") will likely stop your
> interpreter, and
> there are various other inputs with possibly harmful consequences.
>
> Concerns like these may send you back to your original idea of doing
> your own expression parsing.
I use something along these lines:
def safe_eval(expr, symbols={}):
return eval(expr, dict(__builtins__=None, True=True, False=False), symbols)
import math
def calc(expr):
return safe_eval(expr, vars(math))
>>> calc("2+3*(4+5)*(7-3)**2")
434
>>> calc("sin(pi/2)")
1.0
>>> calc("sys.exit()")
Traceback (most recent call last):
File "<stdin>", line 1, in ?
File "<stdin>", line 2, in calc
File "<stdin>", line 2, in safe_eval
File "<string>", line 0, in ?
NameError: name 'sys' is not defined
>>> calc("0x1000 | 0x0100")
4352
--
Giovanni Bajo
--
http://mail.python.org/mailman/listinfo/python-list
