"Warren DeLano" <[EMAIL PROTECTED]> writes:

> I would like to parse arbitrary insecure text string containing
> nested Python data structures in eval-compatible form:

It sounds like you want the ‘json’ library, new in Python 2.6
<URL:http://www.python.org/doc/current/library/json>. It's intended
for serialising and deserialising text streams for *data only* (not
executable code).

> # But I know for certain that the above approach is NOT secure since
> object attributes can still be accessed...

More generally, you should never execute (via eval, exec, or whatever)
*any* instruction from an untrusted path; especially not arbitrary
data from an input stream.

-- 
 \          “A hundred times every day I remind myself that […] I must |
  `\       exert myself in order to give in the same measure as I have |
_o__)                received and am still receiving” —Albert Einstein |
Ben Finney
--
http://mail.python.org/mailman/listinfo/python-list
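
An added example, not part of the original message: two ways to decode nested data from untrusted text without `eval`, using `json.loads` for JSON and, going slightly beyond the reply, the standard library's `ast.literal_eval` for eval-compatible Python literal syntax. The function names, the `MAX_LEN` cap and the sample inputs are assumptions made for illustration.

```python
import ast
import json

MAX_LEN = 100_000  # assumed size cap; bounds parser memory and recursion


def parse_json(text):
    """Decode untrusted text as JSON: yields data only, never runs code."""
    if len(text) > MAX_LEN:
        raise ValueError("input too large")
    try:
        return json.loads(text)  # JSONDecodeError is a ValueError subclass
    except RecursionError as exc:
        raise ValueError("nesting too deep") from exc


def parse_literal(text):
    """Decode eval-compatible Python literals without evaluating anything.

    ast.literal_eval accepts only literal syntax (strings, numbers, tuples,
    lists, dicts, sets, booleans, None); names, calls and attribute access
    are rejected. It can still exhaust the stack on huge input, hence the cap.
    """
    if len(text) > MAX_LEN:
        raise ValueError("input too large")
    try:
        return ast.literal_eval(text)
    except (SyntaxError, TypeError, MemoryError, RecursionError) as exc:
        raise ValueError("not a plain Python literal") from exc


def rejected(parser, text):
    """Return True when parser refuses text."""
    try:
        parser(text)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample inputs.
    print(parse_json('{"a": [1, 2, {"b": null}]}'))
    print(parse_literal("{'a': (1, 2), 'b': [None, True]}"))
    print(rejected(parse_literal, "[1, 2].__class__"))  # attribute access
    print(rejected(parse_literal, "len('abc')"))        # function call
    print(rejected(parse_json, "{'a': 1}"))             # not JSON syntax
```

Both parsers signal every refusal as `ValueError`, so a caller needs a single `except` clause around untrusted input.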
