[pythonvis] Re: Box program rewritten after code review

• From: James Scholes <james@xxxxxxxxxxxxx>
• To: pythonvis@xxxxxxxxxxxxx
• Date: Fri, 23 May 2014 00:19:47 +0100

Hi Jeffrey,

Just to note that for security reasons, it is better, in Python 2 at
least, to use the raw_input function instead of input.  Anything typed
by the user when the input function is used is evaluated as Python code.
 To try it out, you can use your program to print some data which you
didn't intend it to print, like this:

c:\>python box.py
I will now draw a box for you, with pretty plus signs for the corners,
dashes for the top and bottom, and bars for the sides.

How wide would you like the box to be?
__import__('sys').stdout.write("This isn't supposed to be here.\n")
This isn't supposed to be here.
How high would you like the box to be?

When asked how wide I wanted my box to be, I typed:
__import__('sys').stdout.write("This isn't supposed to be here.\n")
And Python did exactly as I had asked; it printed that message to
standard output, i.e. in my command window.  raw_input avoids this
issue, and is used exactly the same as the input function.

HTH.
-- 
James Scholes
http://twitter.com/JamesScholes
List web page is 
//www.freelists.org/webpage/pythonvis

To unsubscribe, send email to 
pythonvis-request@xxxxxxxxxxxxx with "unsubscribe" in the Subject field.

• References:
  • [pythonvis] Box program rewritten after code review
    • From: Jeffrey Turner

Other related posts:

• » [pythonvis] Box program rewritten after code review- Jeffrey Turner
• » [pythonvis] Re: Box program rewritten after code review - James Scholes

1. Home
2. pythonvis
3. Archive
4. 05-2014

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---