Jim Washington wrote:

> 4.  List comprehensions might be troublesome, though it's not clear to me
> how a DoS or exploit is possible with these.

see item 1.

> Or is eval() simply too evil?

yes.

however, running a tokenizer over the source string and rejecting any string
that contains unknown tokens (i.e. anything that's not a literal, comma, colon,
or square or curly bracket) before evaluation might be good enough.

(you can use Python's standard tokenizer module, or rip out the relevant parts
from it and use the RE engine directly)

</F> 



-- 
http://mail.python.org/mailman/listinfo/python-list
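The token check suggested in the reply above, written out as an added example that is not part of the original post or of any project's code. The names `check_tokens`, `safe_literal_eval` and `MAX_SOURCE_LEN` are hypothetical, the length cap and the f-string rejection are assumptions added here, and the allowed token set is exactly the one the reply lists (so minus signs and parentheses are rejected too).

```python
import io
import tokenize

# Tokens the post allows besides literals: comma, colon, square/curly brackets.
ALLOWED_OPS = {",", ":", "[", "]", "{", "}"}
# Layout tokens the tokenizer emits for any input; they carry no code.
LAYOUT = {tokenize.NEWLINE, tokenize.NL, tokenize.ENDMARKER}
MAX_SOURCE_LEN = 10_000  # assumed cap, not from the post; bounds work per call


def check_tokens(source):
    """Raise ValueError unless source holds only literals and ALLOWED_OPS."""
    try:
        tokens = list(tokenize.generate_tokens(io.StringIO(source).readline))
    except (tokenize.TokenError, SyntaxError) as exc:
        raise ValueError(f"cannot tokenize input: {exc}") from None
    for tok in tokens:
        if tok.type in LAYOUT or tok.type == tokenize.NUMBER:
            continue
        if tok.type == tokenize.OP and tok.string in ALLOWED_OPS:
            continue
        if tok.type == tokenize.STRING:
            # Text before the opening quote is the prefix (r, b, u, f ...).
            prefix = tok.string.split(tok.string[-1], 1)[0].lower()
            # Before Python 3.12 an f-string is a single STRING token, and
            # eval() would run the expressions embedded in it.
            if "f" not in prefix:
                continue
        raise ValueError(f"rejected token {tok.string!r} at {tok.start}")


def safe_literal_eval(source):
    """Hypothetical helper: token-check source, then evaluate it."""
    source = source.strip()  # leading whitespace would yield INDENT tokens
    if len(source) > MAX_SOURCE_LEN:
        raise ValueError("input too long")
    check_tokens(source)
    try:
        # Empty builtins as a second layer; the token check already
        # excludes every name.
        return eval(source, {"__builtins__": {}}, {})
    except Exception as exc:  # SyntaxError, IndexError, TypeError, ...
        raise ValueError(f"not a literal structure: {exc}") from None
```

On current Python, `ast.literal_eval` covers the same use case without calling `eval()`.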
