convert_a_string_to_a_list
Differences
This shows you the differences between two versions of the page.
| convert_a_string_to_a_list [2023/02/26 03:27] – created raju | convert_a_string_to_a_list [2023/02/26 03:28] (current) – [ast.literaltype] raju | ||
|---|---|---|---|
| Line 28: | Line 28: | ||
| > This function had been documented as “safe” in the past without defining what that meant. That was misleading. This is specifically designed not to execute Python code, unlike the more general eval(). There is no namespace, no name lookups, or ability to call out. But it is not free from attack: A relatively small input can lead to memory exhaustion or to C stack exhaustion, crashing the process. There is also the possibility for excessive CPU consumption denial of service on some inputs. Calling it on untrusted data is thus not recommended. | > This function had been documented as “safe” in the past without defining what that meant. That was misleading. This is specifically designed not to execute Python code, unlike the more general eval(). There is no namespace, no name lookups, or ability to call out. But it is not free from attack: A relatively small input can lead to memory exhaustion or to C stack exhaustion, crashing the process. There is also the possibility for excessive CPU consumption denial of service on some inputs. Calling it on untrusted data is thus not recommended. | ||
| - | |||
| - | See also: | ||
| - | * https:// | ||
convert_a_string_to_a_list.1677382041.txt.gz · Last modified: 2023/02/26 03:27 by raju