- changed status to resolved
disallow any dunders in the python snippets
Issue #33
resolved
There is a very nice article explaining some of the dangers with eval here:
http://nedbatchelder.com/blog/201206/eval_really_is_dangerous.html
It looks like removing any dunders from the snippets should give an added measure of protection from Bad Things Happening(TM).
Realistically this is not a major concern at this point as all of our users are internal.
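One way to implement the check this issue asks for, as an added example (not this project's code). It assumes snippets are single expressions passed to `eval` with a dictionary of variables; `find_dunders`, `check_snippet`, `eval_snippet` and `DunderError` are hypothetical names. The filter is the "added measure" the issue describes, not a sandbox.

```python
import ast


class DunderError(ValueError):
    """Raised when a snippet contains a double-underscore identifier."""


def find_dunders(source):
    """Return sorted (line, text) pairs for every '__' found in a name,
    attribute, argument/keyword name or string literal of the snippet."""
    # mode="eval" accepts one expression only; statements raise SyntaxError.
    tree = ast.parse(source, mode="eval")
    hits = set()
    for node in ast.walk(tree):
        candidates = []
        if isinstance(node, ast.Name):
            candidates.append(node.id)
        elif isinstance(node, ast.Attribute):
            candidates.append(node.attr)
        elif isinstance(node, (ast.keyword, ast.arg)) and node.arg:
            candidates.append(node.arg)
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            # String literals are checked too, since attribute names can
            # also be supplied as strings.
            candidates.append(node.value)
        for text in candidates:
            if "__" in text:
                hits.add((getattr(node, "lineno", 0), text))
    return sorted(hits)


def check_snippet(source):
    """Compile the snippet, or raise DunderError if it contains a dunder."""
    hits = find_dunders(source)
    if hits:
        names = ", ".join(text for _, text in hits)
        raise DunderError("dunder not allowed in snippet: " + names)
    return compile(source, "<snippet>", "eval")


def eval_snippet(source, variables=None):
    """Evaluate a checked snippet with no builtins and only the given variables."""
    code = check_snippet(source)
    return eval(code, {"__builtins__": {}}, dict(variables or {}))
```

Working on the parsed AST rather than on the raw text means a rejected snippet can be reported with the offending name and line, and comments or whitespace in the snippet do not affect the result.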
Comments (1)
reporter
implemented in dev branch