7 Feb
2008
7 Feb
'08
10:25 a.m.
Bill Campbell wrote:
On Thu, Feb 07, 2008, Stefano Guglia wrote:
hello!
I converted a dictionary in a string, and now I need to change back the same string as a dictionary in a zope python script.
s = repr(d) newdict = eval(s)
NO! Never ever ever eval strings. At some point you will end up eval'ing an user-supplied string and hey presto - instant massive security vulnerability. The original post is a bit crap, since no mention was made as to how the dict was turned into a string. As to what he wants to do with this and why he's doing it, that's likely the source of the real problem! cheers, Chris -- Simplistix - Content Management, Zope & Python Consulting - http://www.simplistix.co.uk