mirror of https://github.com/python/cpython
gh-118633: Add warning regarding the unsafe usage of eval and exec (GH-118437)
* Add warning regarding the unsafe usage of eval * Add warning regarding the unsafe usage of exec * Move warning under parameters table * Use suggested shorter text Co-authored-by: Jelle Zijlstra <jelle.zijlstra@gmail.com> * Use suggested shorter text Co-authored-by: Jelle Zijlstra <jelle.zijlstra@gmail.com> * Improve wording as suggested --------- Co-authored-by: Kirill Podoprigora <kirill.bast9@mail.ru> Co-authored-by: Jelle Zijlstra <jelle.zijlstra@gmail.com>
This commit is contained in:
parent
d4b6d84cc8
commit
00e5ec0d35
|
@ -594,6 +594,11 @@ are always available. They are listed here in alphabetical order.
|
|||
:returns: The result of the evaluated expression.
|
||||
:raises: Syntax errors are reported as exceptions.
|
||||
|
||||
.. warning::
|
||||
|
||||
This function executes arbitrary code. Calling it with
|
||||
user-supplied input may lead to security vulnerabilities.
|
||||
|
||||
The *expression* argument is parsed and evaluated as a Python expression
|
||||
(technically speaking, a condition list) using the *globals* and *locals*
|
||||
mappings as global and local namespace. If the *globals* dictionary is
|
||||
|
@ -650,6 +655,11 @@ are always available. They are listed here in alphabetical order.
|
|||
|
||||
.. function:: exec(source, /, globals=None, locals=None, *, closure=None)
|
||||
|
||||
.. warning::
|
||||
|
||||
This function executes arbitrary code. Calling it with
|
||||
user-supplied input may lead to security vulnerabilities.
|
||||
|
||||
This function supports dynamic execution of Python code. *source* must be
|
||||
either a string or a code object. If it is a string, the string is parsed as
|
||||
a suite of Python statements which is then executed (unless a syntax error
|
||||
|
|
Loading…
Reference in New Issue