a = "[[1,2], [3,4], [5,6], [7,8], [9,0]]"
b = eval(a)
print b
[[1, 2], [3, 4], [5, 6], [7, 8], [9, 0]][Finished in 0.2s]
a = "{1: 'a', 2: 'b'}"
b = eval(a)
print b
print type(b)
{1: 'a', 2: 'b'}
-----风险-------
eval强大的背后,是巨大的安全隐患!!! 比如说,用户恶意输入下面的字符串
open(r'D://filename.txt', 'r').read()
__import__('os').system('dir')
__import__('os').system('rm -rf /etc/*')
a = "__import__('os').system('dir')"
b = eval(a)
print b
print type(b)
Volume in drive D has no label. Volume Serial Number is 66B4-8B5C
Directory of D:\AlamTW\study\python
13/06/2017 PM 03:23
------所以用ast.literal_eval代替----
import ast
a = "open('test.py').read()"
# b = eval(a)
b = ast.literal_eval(a)
print b
print type(b)
ValueError: malformed string
好文推荐
发表评论