[Zope] python script, from string to dictionary.

Chris Withers chris at simplistix.co.uk
Thu Feb 7 05:25:07 EST 2008


Bill Campbell wrote:
> On Thu, Feb 07, 2008, Stefano Guglia wrote:
>> hello!
>>
>> I converted a dictionary into a string, and now I need to change the
>> same string back into a dictionary in a zope python script.
> 
> s = repr(d)
> newdict = eval(s)

NO!

Never ever ever eval strings. At some point you will end up eval'ing a 
user-supplied string and hey presto - instant massive security 
vulnerability.

The original post is a bit crap, since no mention was made as to how the 
dict was turned into a string. As to what he wants to do with this and 
why he's doing it, that's likely the source of the real problem!

cheers,

Chris

-- 
Simplistix - Content Management, Zope & Python Consulting
            - http://www.simplistix.co.uk
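
Added example, not part of the original message: the eval() round trip from the quoted reply next to a literal-only parser, run on a constructed string that looks like a dict but contains a call. It assumes the string came from repr() of a dict holding only plain literals and that the standard-library ast module can be imported where the code runs (a restricted Zope Python Script may not permit that); side_effect, GOOD, HOSTILE and the load_dict_* names are hypothetical.

```python
import ast

calls = []  # constructed marker: records any code that runs while parsing


def side_effect():
    calls.append("executed")
    return 0


# Constructed sample inputs (not from the thread).
GOOD = repr({"name": "stefano", "ids": [1, 2, 3], "ok": True})
HOSTILE = "{'name': side_effect()}"  # looks like a dict, contains a call


def load_dict_unsafe(s):
    # The pattern from the quoted reply: eval() evaluates any expression in s.
    return eval(s)


def load_dict_safe(s):
    """Parse a repr()'d dict; only Python literals are accepted."""
    try:
        value = ast.literal_eval(s)
    except (ValueError, SyntaxError, TypeError, MemoryError, RecursionError) as exc:
        raise ValueError("not a literal: %r" % (exc,))
    if not isinstance(value, dict):
        raise ValueError("expected dict, got %s" % type(value).__name__)
    return value


def demo():
    del calls[:]
    load_dict_unsafe(HOSTILE)  # the embedded call runs during eval()
    ran_under_eval = list(calls)
    del calls[:]
    try:
        load_dict_safe(HOSTILE)
        rejected = False
    except ValueError:
        rejected = True
    # calls stays empty here: literal_eval refused the string without running it
    return ran_under_eval, rejected, list(calls), load_dict_safe(GOOD)


if __name__ == "__main__":
    print(demo())
```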

