On Fri, Sep 24, 2021 at 12:22 PM Stefan Ram <r...@zedat.fu-berlin.de> wrote:
>
> dn <pythonl...@danceswithmice.info> writes:
> >With that, why not code it as Python expressions, and include the module?
>
>   This might create a code execution vulnerability if such
>   files are exchanged between multiple parties.
>
>   If code execution vulnerabilities and human-readability are
>   not an issue, then one could also think about using pickle.
>
>   If one ignores security concerns for a moment, serialization into
>   a text format and subsequent deserialization can be as easy as:
>
> |>>> eval( str( [1, (2, 3)] ))
> |[1, (2, 3)]
>

One good hybrid is to take a subset of Python syntax (so it still looks
like a Python script for syntax highlighting etc), and then parse that
yourself, using the ast module. For instance, you can strip out
comments, then look for "VARNAME = ...", and parse the value using
ast.literal_eval(), which will give you a fairly flexible file format
that's still quite safe.

ChrisA
-- 
https://mail.python.org/mailman/listinfo/python-list
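
The approach described in the message above, as an added example that is not part of the original post. It uses ast.parse() to locate the assignments (which also discards comments) rather than stripping text by hand; load_config, ConfigError, MAX_BYTES and the sample inputs are names and values assumed for illustration.

```python
import ast

MAX_BYTES = 64 * 1024  # assumed cap: huge or deeply nested input can still exhaust memory/stack


class ConfigError(ValueError):
    """Raised for anything that is not a plain 'NAME = literal' line."""


def load_config(text):
    """Return {name: value} for a file of 'NAME = <literal>' lines; never executes it."""
    if len(text.encode("utf-8")) > MAX_BYTES:
        raise ConfigError("config too large")
    try:
        tree = ast.parse(text, mode="exec")  # parse only; comments are dropped here
    except (SyntaxError, ValueError, RecursionError, MemoryError) as exc:
        raise ConfigError(f"not parseable: {exc}") from exc
    config = {}
    for node in tree.body:
        # Accept only single-target assignments to a bare name:
        # no imports, calls, defs, 'a = b = 1', 'a.b = 1' or 'a, b = 1, 2'.
        if not (isinstance(node, ast.Assign) and len(node.targets) == 1
                and isinstance(node.targets[0], ast.Name)):
            raise ConfigError(f"line {node.lineno}: only 'NAME = literal' is allowed")
        name = node.targets[0].id
        try:
            # literal_eval accepts an AST node and rejects calls, names, attributes
            config[name] = ast.literal_eval(node.value)
        except (ValueError, TypeError, SyntaxError, RecursionError, MemoryError) as exc:
            raise ConfigError(f"line {node.lineno}: {name} is not a literal") from exc
    return config


# Constructed sample inputs
GOOD = '''
# looks like a Python script, but is never executed
HOST = "example.org"
PORTS = [80, 443]
LIMITS = {"retries": 3, "timeout": 2.5}
'''
BAD = 'HOST = __import__("os").getcwd()\n'  # an expression eval() would run
```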