Sep-13-2018, 04:57 AM
I mean that the users can write
range(3, 5)
but your code can parse the expression by using ast.parse()
and produce the list [3, 4]
. The code could traverse the abstract syntax tree to see if the expression entered by the user belongs to a set of allowed expression. That way, you can have the effect of eval()
without the risks.