On 23/01/2023 18:02, Chris Angelico wrote:
On Tue, 24 Jan 2023 at 04:56, Johannes Bauer <dfnsonfsdu...@gmx.de> wrote:
Hi there,
is there an easy way to evaluate a string stored in a variable as if it
were an f-string at runtime?
...
This is supposedly for security reasons. However, when trying to emulate
this behavior that I wanted (and know the security implications of), my
solutions will tend to be less secure. Here is what I have been thinking
about:
If you really want the full power of an f-string, then you're asking
for the full power of eval(), and that means all the security
implications thereof, not to mention the difficulties of namespacing.
Have you considered using the vanilla format() method instead?
But if you really REALLY know what you're doing, just use eval()
directly. I don't really see what you'd gain from an f-string. At very
least, work with a well-defined namespace and eval whatever you need
in that context.
Maybe, rather than asking for a way to treat a string as code, ask for
what you ACTUALLY need, and we can help?
ChrisA
Fair enough, Chris, but still ISTM that it is reasonable to ask (perhaps
for a different use-case) whether there is a way of evaluating a string
at runtime as if it were an f-string. We encourage people to ask
questions on this list, even though the answer will not always be what
they're hoping for.
I appreciate that the answer may be "No, because it would be a lot of
work - and increase the maintenance burden - to support a relatively
rare requirement".
Perhaps someone will be inspired to write a function to do it. 😎
Best wishes
Rob Cliffe
--
https://mail.python.org/mailman/listinfo/python-list
