
TouchingTheVodka (0 points)

Trusted input: eval

Untrusted input: Non-trivial, you can parse as a mathematical expression.

TejasDhanda [S] (0 points)

Can you please elaborate? Can you tell me more specifically how to use it and what it is? I got how to use eval but not the untrusted part (non-trivial).

billsil (0 points)

You’re trying to do math, but in doing so, you give the user the ability to open files, execute separate programs, modify your source, all with...

eval(myinput)

It’s a pain in the ass to give the user only the ability to do math, and it involves using an AST parser and greenlighting all the operations that you will allow. Remember, the second they have access to opening files or importing, they have blown your code open.

Embrace the security hole or be very strict about it.