Carl Banks wrote:
> Wildemar Wildenburger wrote:
>> Heck, whenever *is* it OK to use eval() then?
>
> 2. When you construct Python code within your program using no
> untrusted data
Ok, I had never even thought of that. Makes me itch to try it right now :).
wildemar
--
http://mail.python.org/m
Date: 9 Aug 2006 14:12:01 -0700From: "Simon Forman" <[EMAIL PROTECTED]>Subject: Re: Eval (was Re: Question about using python as a scripting language)To: python-list@python.orgMessage-ID: <[EMAIL PROTECTED]>Content-Type: text/plain; charset="iso-8859-1"Fredrik Lundh
Carl Banks wrote:
> Delaney, Timothy (Tim) wrote:
>> Steve Lianoglou wrote:
>>
>>> So, for instance, you can write:
>>> my_list = eval('[1,2,3,4]')
>>
>> This is just asking for trouble.
>>
>> my_list = eval('import shutil; shutil.rmtree('/')')
>
> Fortunately, that won't work because eval exp
Chris Lambacher wrote:
> On Wed, Aug 09, 2006 at 11:51:19AM -0400, Brendon Towle wrote:
> >On 9 Aug 2006, at 11:04 AM, Chris Lambacher wrote:
> >
> > How is your data stored? (site was not loading for me).
> >
> >In the original source HTML, it's like this (I've deleted all but the
> >
Chris Lambacher wrote:
> On Wed, Aug 09, 2006 at 11:51:19AM -0400, Brendon Towle wrote:
> I don't disagree with you. The problem is that the obvious way to do it
> (eval) is a big security hole. In this case you are trusting that no one
> inserts themselves between you and the website providing
On 9 Aug 2006, at 12:03 PM, [EMAIL PROTECTED] wrote: Brendon> I could do that, or I could do something like the re.* trick Brendon> mentioned by another poster. But, doesn't it offend anyone else Brendon> that the only clean way to access functionality that's already Brendon> in Python
On Wed, Aug 09, 2006 at 11:51:19AM -0400, Brendon Towle wrote:
>On 9 Aug 2006, at 11:04 AM, Chris Lambacher wrote:
>
> How is your data stored? (site was not loading for me).
>
>In the original source HTML, it's like this (I've deleted all but the
>beginning and the end of the li
Brendon> I could do that, or I could do something like the re.* trick
Brendon> mentioned by another poster. But, doesn't it offend anyone else
Brendon> that the only clean way to access functionality that's already
Brendon> in Python is to write long complicated Python code? Python
On 9 Aug 2006, at 11:04 AM, Chris Lambacher wrote:How is your data stored? (site was not loading for me).In the original source HTML, it's like this (I've deleted all but the beginning and the end of the list for clarity):var table_body = [["ATVI", "Activision, Inc.",12.75,0.15,1.19,2013762,0.0
There were some mistakes in here. Thats what I get for repurposing existing
code for an example. The uncommented lines are changed.
On Wed, Aug 09, 2006 at 11:04:32AM -0400, Chris Lambacher wrote:
from pyparsing import Suppress, Regex, delimitedList, Forward, QuotedString,
Group
>
> stringValu
Delaney, Timothy (Tim) wrote:
> Steve Lianoglou wrote:
>
> > One thing you could do is use the eval or compile methods. These
> > functions let you run arbitray code passed into them as a string.
> >
> > So, for instance, you can write:
> > my_list = eval('[1,2,3,4]')
>
> This is just asking for t
Wildemar Wildenburger wrote:
> Steve Lianoglou wrote:
> > Delaney, Timothy (Tim) wrote:
> >> This is just asking for trouble.
> >>
> >> my_list = eval('import shutil; shutil.rmtree('/')')
> >
> > Hah .. wow.
> >
> > And in related news: you still shouldn't be taking candy from
> > strangers.
> >
>
skip> import re
skip> symbolinfo = []
skip> sympat = re.compile(
skip> r'\[',
Make that
r',?\['
Skip
--
http://mail.python.org/mailman/listinfo/python-list
How is your data stored? (site was not loading for me).
test = 'blah = [1,2,3,4,5]'
>>> var,val = test.split('=')
>>> print var,val
blah [1,2,3,4,5]
>>> val = val.strip('[] ')
>>> print val
1,2,3,4,5
>>> vals = [int(x) for x in val.split(',')]
>>> print vals
[1, 2, 3, 4, 5]
More sophisiticated
Brendon> Turns out that the website in question stores its data in the
Brendon> format of a Python list
Brendon> (http://quotes.nasdaq.com/quote.dll?page=nasdaq100, search the
Brendon> source for "var table_body"). So, the part of my code that
Brendon> extracts the data looks s
Slawomir Nowaczyk noted:#> Heck, whenever *is* it OK to use eval() then?eval is like optimisation. There are two rules:Rule 1: Do not use it.Rule 2 (for experts only): Do not use it (yet).So, that brings up a question I have. I have some code that goes out to a website, grabs stock data, and sends
Wildemar> Heck, whenever *is* it OK to use eval() then?
When you're sure of the validity of the string you are feeding it.
Unfortunately, the more you know about the string (and thus how valid it is
in your current context), the less you need eval. For example, if I know a
string s only cont
On Tue, 08 Aug 2006 14:32:32 +0200
Wildemar Wildenburger <[EMAIL PROTECTED]> wrote:
#> Steve Lianoglou wrote:
#> > Delaney, Timothy (Tim) wrote:
#> >> This is just asking for trouble.
#> >>
#> >> my_list = eval('import shutil; shutil.rmtree('/')')
#> >
#> > Hah .. wow.
#> >
#> > And in related n
Steve Lianoglou wrote:
> Delaney, Timothy (Tim) wrote:
>> This is just asking for trouble.
>>
>> my_list = eval('import shutil; shutil.rmtree('/')')
>
> Hah .. wow.
>
> And in related news: you still shouldn't be taking candy from
> strangers.
>
> Point well taken. Thanks for flagging that one.
Terry Reedy wrote:
> "heavydada" <[EMAIL PROTECTED]> wrote in message
>> I just need some way of
>> being able to read from the file what function the program needs to
>> call next. Any help is appreciated.
>
> Suppose you have a file actions.py with some action functions:
> def hop(self): ...
>
Delaney, Timothy (Tim) wrote:
> This is just asking for trouble.
>
> my_list = eval('import shutil; shutil.rmtree('/')')
Hah .. wow.
And in related news: you still shouldn't be taking candy from
strangers.
Point well taken. Thanks for flagging that one.
-steve
--
http://mail.python.org/mailma
Steve Lianoglou wrote:
> One thing you could do is use the eval or compile methods. These
> functions let you run arbitray code passed into them as a string.
>
> So, for instance, you can write:
> my_list = eval('[1,2,3,4]')
This is just asking for trouble.
my_list = eval('import shutil; shutil
"heavydada" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> I'm writing a small game in python and I need to be able to run some
> scripts inside the game. In the game I have these creatures each with
> some attributes like name and weight and an action. Right now I'm
> saving all t
Hi,
> I was wondering how I can read
> commands from the XML file and then execute them in the game.
...
> I just need some way of
> being able to read from the file what function the program needs to
> call next. Any help is appreciated.
One thing you could do is use the eval or compile meth
24 matches
Mail list logo
