On Mon, May 20, 2013 at 5:55 PM, Carlos Nepomuceno <carlosnepomuc...@outlook.com> wrote: > I understand your motivation but I don't know what protection > ast.literal_eval() is offering that eval() doesn't.
eval will *execute code*, while literal_eval will not. That's the protection. With ast.literal_eval, all that can happen is that it produces a single result value. In this case, unfortunately, that's insufficient; a comparison needs to be done, ergo it's not an entire literal. But something else in the ast module may be able to serve, or maybe literal_eval can do the bulk of the work. ChrisA -- http://mail.python.org/mailman/listinfo/python-list
