On Sat, Nov 5, 2016 at 6:50 PM, Irmen de Jong wrote:
> Perhaps. But in those cases you could just leave things on the default.
> If you choose to run the interpreter with eval (and exec) disabled, you
> should be aware
> that you'll break tools like that. But for other situations (web server etc)
On 5-11-2016 19:08, eryk sun wrote:
> On Sat, Nov 5, 2016 at 5:33 PM, Irmen de Jong wrote:
>> I think perhaps we should have a command line option / environment variable
>> to be able
>> to disable 'eval' altogether
>
> I don't think that's practical. exec and eval are commonly used by
> she
On Sat, Nov 5, 2016 at 5:33 PM, Irmen de Jong wrote:
> I think perhaps we should have a command line option / environment variable
> to be able
> to disable 'eval' altogether
I don't think that's practical. exec and eval are commonly used by
shells and IDEs such as IDLE and IPython. In the s
On 5-11-2016 18:12, Steve D'Aprano wrote:
> Well, that didn't take very long at all.
>
> Here's the first security bug which is related to the new (and badly
> misnamed) f-string feature:
>
> http://bugs.python.org/issue28563
I think perhaps we should have a command line option / environment va
Well, that didn't take very long at all.
Here's the first security bug which is related to the new (and badly
misnamed) f-string feature:
http://bugs.python.org/issue28563
Note what I'm not saying: I'm not saying that the bug is *caused* by
f-strings. It is not. The bug is actually caused by the
