Peter Otten wrote:
> DomF wrote:> > >>>>I'm not allowed to use eval or exec.>>>>>>- write to a file>>>- load the file as module :-)>>>>This made me laugh out loud after reading all the heavy duty parsing>>options, is that bad?> > > It's just like eval and exec in that it allows to execute untrusted code.> > Peter
Would it be safe to use eval but within a namespace with no globals or
locals? Then the expression could only include literals.
Actually, builtins would be visible too. And you don't want to eval
"[ file('important_file','w') ]" !
But I think there's a way to hide builtins as well, although I forget
what it is.