Path: csiph.com!x330-a1.tempe.blueboxinc.net!usenet.pasdenom.info!news.chainon-marquant.org!news-transit.tcx.org.uk!newsfeed.xs4all.nl!newsfeed5.news.xs4all.nl!xs4all!post.news.xs4all.nl!not-for-mail Return-Path: X-Original-To: python-list@python.org Delivered-To: python-list@mail.python.org X-Spam-Status: OK 0.000 X-Spam-Evidence: '*H*': 1.00; '*S*': 0.00; 'received:verizon.net': 0.07; 'system;': 0.07; 'terry': 0.07; 'python': 0.08; 'builtin': 0.09; 'none.': 0.09; 'received:80.91': 0.09; 'received:80.91.229': 0.09; 'received:80.91.229.12': 0.09; 'received:gmane.org': 0.09; 'received:list': 0.09; 'received:lo.gmane.org': 0.09; 'subject:string': 0.09; 'am,': 0.12; 'skip:[ 20': 0.12; '"from': 0.16; 'ast': 0.16; 'dangerous.': 0.16; 'eval': 0.16; 'expression.': 0.16; 'reedy': 0.16; 'remember.': 0.16; 'tuples,': 0.16; 'wrote:': 0.18; '>>>': 0.18; 'once,': 0.18; 'convert': 0.19; 'jan': 0.19; 'subject:list': 0.21; 'maybe': 0.21; 'header:In- Reply-To:1': 0.22; 'literal': 0.23; 'string': 0.24; 'command': 0.24; 'consist': 0.24; 'module': 0.26; 'import': 0.27; 'accessible': 0.29; 'replaced': 0.29; 'problem': 0.29; 'letting': 0.30; 'strings,': 0.30; 'list': 0.32; 'header:User-Agent:1': 0.33; 'header:X-Complaints-To:1': 0.33; 'to:addr:python-list': 0.34; 'someone': 0.34; 'safely': 0.34; 'something': 0.35; 'lists,': 0.35; 'window': 0.35; 'subject:How': 0.35; 'operating': 0.35; 'keyboard': 0.37; 'but': 0.37; 'think': 0.37; 'problems': 0.37; 'easiest': 0.38; 'received:org': 0.38; 'being': 0.39; 'to:addr:python.org': 0.40; 'type': 0.61; 'your': 0.61; 'provided': 0.62; 'dangerous': 0.64; 'evaluate': 0.71; ',and': 0.84; 'node': 0.84; 'otten': 0.84; 'tucked': 0.84 X-Injected-Via-Gmane: http://gmane.org/ To: python-list@python.org From: Terry Reedy Subject: Re: How convert a list string to a real list Date: Wed, 30 Nov 2011 17:12:10 -0500 References: Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: quoted-printable X-Gmane-NNTP-Posting-Host: pool-74-109-121-73.phlapa.fios.verizon.net User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20111105 Thunderbird/8.0 In-Reply-To: X-BeenThere: python-list@python.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: General discussion list for the Python programming language List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Newsgroups: comp.lang.python Message-ID: Lines: 48 NNTP-Posting-Host: 2001:888:2000:d::a6 X-Trace: 1322691152 news.xs4all.nl 6966 [2001:888:2000:d::a6]:58504 X-Complaints-To: abuse@xs4all.nl Xref: x330-a1.tempe.blueboxinc.net comp.lang.python:16454 On 11/30/2011 3:58 AM, Peter Otten wrote: > Terry Reedy wrote: > >> On 11/30/2011 1:20 AM, =E9=83=AD=E5=86=9B=E6=9D=83 wrote: >>> Good after >>> I have a string liststr =3D '["aaaa","bbbb","ccc"]' ,and I need conve= rt it >>> to a list like list =3D ["aaaa","bbbb","ccc"],what can id do? >> >> The easiest -- and most dangerous -- way is >> >>> eval('["aaaa","bbbb","ccc"]') >> ['aaaa', 'bbbb', 'ccc'] >> >> But DO NOT eval unexamined strings from untrusted sources. The reason = is >> that it is much the same as letting an untrusted person sit unsupervis= ed >> as the keyboard of your computer with a command window open. You would= >> not want to eval >> "from os import system; system('')" >> where '' is replaced by something obnoxious for your >> operating system. > > You can avoid these problems with ast.literal_eval(): > > literal_eval(node_or_string) > Safely evaluate an expression node or a string containing a Python= > expression. The string or node provided may only consist of the > following Python literal structures: strings, numbers, tuples, lis= ts, > dicts, booleans, and None. I keep forgetting that someone thought to solve the problem of eval=20 being both convinient and dangerous. Maybe if I type it once, I will=20 remember. >>> import ast >>> ast.literal_eval('["aaaa","bbbb","ccc"]') ['aaaa', 'bbbb', 'ccc'] I think it would be better if safe_eval were available as an easily=20 accessible builtin and dangerous_eval were tucked away in a module ;-). --=20 Terry Jan Reedy