Python's eval() function

BackRaw · Postby **BackRaw** » Thu Jun 04, 2015 11:57 pm

Hi all,

I remember back in the EventScripts days that the use of Python's eval() function was a 'potential risk' or something like that. I wonder if this is still true for SP because I want to make a calculator lol

Postby **necavi** » Fri Jun 05, 2015 12:03 am

It absolutely is. There's no true way to sandbox it, but you can do things to help restrict it if you like.

BackRaw · Postby **BackRaw** » Fri Jun 05, 2015 12:15 am

necavi wrote:It absolutely is. There's no true way to sandbox it, but you can do things to help restrict it if you like.

True, but I'm not sure how I would go about that one tho

Postby **necavi** » Fri Jun 05, 2015 12:20 am

Read up on it? SourcePython's eval is the same as any other python eval, to my knowledge. There's a fuckton of information on the internet for you.

BackRaw · Postby **BackRaw** » Fri Jun 05, 2015 12:22 am

Maybe sometime.

Mahi · Postby **Mahi** » Fri Jun 05, 2015 1:00 pm

You're better off parsing a string, looking for calculations, rather than trying to use eval on it.

Postby **satoon101** » Fri Jun 05, 2015 1:25 pm

Not 100% sure of what you are looking to do, but you 'could' also create a temp.py file within your plugins directory with a variable equaling the equation and try to import that value.

stonedegg · Postby **stonedegg** » Fri Jun 05, 2015 6:56 pm

I heard ast.literal_eval() is better

Postby **Ayuto** » Fri Jun 05, 2015 7:14 pm

Well, it does not allow you to use operators.

Check the docs: https://docs.python.org/3.4/library/ast.html#ast.literal_eval

BackRaw · Postby **BackRaw** » Fri Jun 05, 2015 10:58 pm

I'll go with parsing the string i have an idea

Python's eval() function

Python's eval() function

Who is online