[Zope] python script, from string to dictionary.
Chris Withers
chris at simplistix.co.uk
Thu Feb 7 05:25:07 EST 2008
Bill Campbell wrote:
> On Thu, Feb 07, 2008, Stefano Guglia wrote:
>> hello!
>>
>> I converted a dictionary in a string, and now I need to change back the
>> same string as a dictionary in a zope python script.
>
> s = repr(d)
> newdict = eval(s)

NO!

Never ever ever eval strings. At some point you will end up eval'ing a
user-supplied string and hey presto - instant massive security
vulnerability.

The original post is a bit crap, since no mention was made as to how the
dict was turned into a string. As to what he wants to do with this and
why he's doing it, that's likely the source of the real problem!

cheers,

Chris
--
Simplistix - Content Management, Zope & Python Consulting
- http://www.simplistix.co.uk
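
The repr() round trip from the quoted reply, done without eval; this is an added example, not part of the original message or of Zope. It assumes the string came from repr() on a dict of plain literals and that it runs as ordinary Python 3 code, not inside Zope's restricted Script (Python) environment; the name dict_from_repr and the length limit are hypothetical.

```python
import ast

MAX_LEN = 10_000  # assumed upper bound on input size; tune for your data


def dict_from_repr(text, max_len=MAX_LEN):
    """Rebuild a dict from its repr() without executing any code.

    ast.literal_eval only accepts literals (strings, numbers, tuples,
    lists, dicts, sets, booleans, None). Names, attribute access and
    function calls are rejected instead of being run.
    """
    if not isinstance(text, str):
        raise ValueError("expected a string")
    if len(text) > max_len:
        raise ValueError("input too long")
    try:
        value = ast.literal_eval(text)
    except (ValueError, SyntaxError, TypeError,
            MemoryError, RecursionError) as exc:
        raise ValueError("not a plain Python literal") from exc
    if not isinstance(value, dict):
        raise ValueError("literal is not a dict")
    return value


def is_rejected(text):
    """Return True when dict_from_repr refuses the input."""
    try:
        dict_from_repr(text)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample data, not taken from the thread.
    d = {"name": "stefano", "ids": [1, 2, 3], "nested": {"ok": True, "n": None}}
    s = repr(d)
    print(dict_from_repr(s) == d)

    # A string containing a call is refused, where eval() would run it.
    print(is_rejected("{'k': abs(-1)}"))
```

If both ends of the conversion are under your control, storing the data as JSON (json.dumps / json.loads) avoids parsing Python syntax at all.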