[Python-3000] Proposed changes to PEP3101 advanced string formatting -- please discuss and vote!
Eric V. Smith eric+python-dev at trueblade.com
Wed Mar 14 14:55:28 CET 2007
Eric V. Smith wrote:
> Nick Coghlan wrote:
>>> Feature: Exception raised if attribute with leading underscore accessed.
>>>
>>> The syntax supported by the PEP is deliberately limited in an attempt to increase security. This is an additional security measure, which is on by default, but can be optionally disabled if string.flagformat() is used instead of 'somestring'.format().
>>
>> -0
>>
>> This is only an issue if implicit access to locals()/globals() is permitted, and is unlikely to help much in that case (underscores are rarely used with local variables, and those are the most likely to contain juicy information which may be leaked)
>
> That's not true. What this feature is trying to prevent is access to attributes of the passed in objects. For example:

I should have said "It's not an issue only if locals()/globals() are allowed". It is true that automatic locals()/globals() magnifies this issue, but it exists even without it.
Eric.
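
An added illustration, not part of the original message or of the PEP's implementation: the leading-underscore check from the quoted feature, built on today's `string.Formatter` by overriding `get_field`. The `Account` class, its `_token` attribute and the helper names are constructed for the example.

```python
import re
import string

# One step of a replacement-field path: "[index]" or ".attribute".
_STEP = re.compile(r"\[[^\]]*\]|\.([^.\[]*)")


class UnderscoreGuardFormatter(string.Formatter):
    """string.Formatter that refuses leading-underscore attribute lookups."""

    def get_field(self, field_name, args, kwargs):
        for step in _STEP.finditer(field_name):
            attr = step.group(1)  # None when the step is an [index]
            if attr is not None and attr.startswith("_"):
                raise ValueError(
                    "attribute %r is not allowed in a format string" % attr)
        return super().get_field(field_name, args, kwargs)


class Account:  # constructed sample object
    def __init__(self, name, token):
        self.name = name
        self._token = token  # internal by convention, not meant for output


def render(template, **values):
    """Format a template with the underscore guard applied."""
    return UnderscoreGuardFormatter().format(template, **values)


def is_rejected(template, **values):
    """True if the guard refuses the template."""
    try:
        render(template, **values)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    acct = Account("alice", "constructed-secret")
    # Plain str.format performs the attribute lookup without any check.
    print("plain:   " + "{u._token}".format(u=acct))
    print("guarded: " + render("Hello {u.name}", u=acct))
    print("blocked: " + str(is_rejected("Hello {u._token}", u=acct)))
```

The guard also applies to fields nested inside a format spec, because `string.Formatter` resolves those through `get_field` as well; `[index]` lookups are left alone, matching the feature's attribute-only scope.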