[Python-3000] Addition to PEP 3101

Jim Jewett jimjjewett at gmail.com
Tue May 1 20:39:59 CEST 2007


On 5/1/07, Guido van Rossum <guido at python.org> wrote:
> On 5/1/07, Jim Jewett <jimjjewett at gmail.com> wrote:
> > There are some things you can safely do with even arbitrary objects --
> > such as appending them to a list.
> >
> > By mentioning security as a reason to restrict the format, it suggests
> > that this is another safe context. It isn't.
>
> But your presumption that the map is already evil makes it irrelevant
> whether the format is safe or not. Having the evil map is the problem,
> not passing it to the format operation.

Using a map was probably misleading. Let me rephrase:

While the literal string itself is safe, the format function is only as safe as the objects being formatted. The example below gets person.name; if the person object itself is malicious, then even this attribute access could run arbitrary code.

 "My name is {0.name}".format(person)

-jJ
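The point Jim makes above, as an added example that is not part of the thread: `"{0.name}".format(person)` performs a real attribute access on `person`, so whatever code sits behind that attribute runs during formatting. The `Person` class, the `PlainFieldFormatter` subclass and the helper functions are constructed here to illustrate that, and to show one defensive shape (a `string.Formatter` that allows only bare keyword fields whose values are already plain `str`); none of it is PEP 3101's own code.

```python
"""Added example: str.format is only as safe as the objects it formats."""
import string


class Person:
    """Constructed sample object whose attribute access has a side effect."""

    def __init__(self):
        self.accesses = []

    @property
    def name(self):
        # Any code placed here runs when "{0.name}" is formatted; we only
        # record the fact that it ran so the effect is observable.
        self.accesses.append("name")
        return "Alice"


def format_with_attribute_access(person):
    """The example from the message: returns the text and the accesses it caused."""
    text = "My name is {0.name}".format(person)
    return text, list(person.accesses)


class PlainFieldFormatter(string.Formatter):
    """Hypothetical hardened formatter (not from PEP 3101).

    Only bare keyword field names are accepted ("{name}", never "{p.name}",
    "{p[0]}", "{0}" or "{}"), and only values whose type is exactly str are
    substituted, so no attribute lookup, __getitem__, __str__ or __format__
    of a caller-supplied object is ever invoked.
    """

    def get_field(self, field_name, args, kwargs):
        if not field_name.isidentifier():
            raise ValueError(
                "field %r: attribute/index/positional access not allowed" % field_name
            )
        value = kwargs[field_name]
        if type(value) is not str:
            raise TypeError("field %r: only plain str values are substituted" % field_name)
        return value, field_name


def safe_format(template, **fields):
    """Render template with the restricted formatter."""
    return PlainFieldFormatter().format(template, **fields)


def format_is_rejected(template, **fields):
    """True if the restricted formatter refuses the template/fields pair."""
    try:
        safe_format(template, **fields)
    except (ValueError, TypeError):
        return True
    return False


if __name__ == "__main__":
    p = Person()
    print(format_with_attribute_access(p))        # ('My name is Alice', ['name'])
    print(safe_format("My name is {name}", name="Bob"))
    print(format_is_rejected("My name is {p.name}", p=Person()))  # True
```

The restricted formatter does not make the format string "safe" on its own; it makes the set of objects that formatting can touch small and boring, which is the property the message says the plain `format` call lacks.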


