At Barry's suggestion, plug the security leak by using an empty
__builtins__ for all calls to eval(). This still allows someone to write string.atof("[1]*1000000") (which Jim Fulton worries about) but effectively disables access to system modules and functions.
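An added example, not code from the commit itself: the empty-`__builtins__` eval boundary the commit describes, beside a parser that never evaluates its input at all. `restricted_eval`, `classify` and `parse_safely` are names chosen for this demo.

```python
"""Added demo (not CPython's own code). Shows what an empty __builtins__
mapping does and does not stop when a numeric string is passed to eval()."""


def restricted_eval(s: str):
    """The technique from the commit: evaluate with no builtins available,
    so names such as open or __import__ cannot be resolved."""
    return eval(s, {"__builtins__": {}}, {})


def classify(s: str) -> str:
    """Report how the restricted eval treats one input string."""
    try:
        value = restricted_eval(s)
    except NameError:
        # Name lookup failed: builtins are gone, so no module/function access.
        return "blocked"
    except SyntaxError:
        return "rejected"
    try:
        float(value)
    except (TypeError, ValueError):
        # The expression ran (e.g. a large list was built) before float() failed,
        # which is exactly the "[1]*1000000" gap the commit message mentions.
        return "executed-non-float"
    return "float"


def parse_safely(s: str):
    """Hardened form: float() parses the literal directly; no code executes.
    Returns None for anything that is not a plain numeric literal."""
    try:
        return float(s)
    except ValueError:
        return None


if __name__ == "__main__":
    # Constructed sample inputs for the demo.
    for sample in ("3.25", "open('/etc/passwd')", "__import__('os').getcwd()", "[1]*10"):
        print(f"{sample!r:35} eval-with-empty-builtins={classify(sample):20} "
              f"float()={parse_safely(sample)}")
```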