Be Careful with Python’s New-Style String Format

This should have been obvious to me for a longer time, but until earlier
today I did not really realize the severity of the issues caused by
str.format on untrusted user input. It came up as a way to bypass the
Jinja2 Sandbox in a way that would permit r…

Read full article

Similar

My favorite terrible Python error message

Students in my Python classes occasionally get the following error message: TypeError: object() takes no parameters This error message is technically true, as I’ll explain in a moment. But it’s surprising and confusing for people who are new to Python, be... (more…)

“Extending Python with Rust” by Samuel Cormier-Iijima [video]

Have you ever wanted lightning-fast code, without the segfaults and tedious boilerplate of C? Then come learn why so many Pythonistas are excited about Rust,...

Python Internationalization – Localizing Transactional Email Templates

Leverage Python, Jinja and i18n Ally to define, localize, and preview transactional emails... (more…)

Discover Python and Patterns (22): Animations – Design Patterns and Video Games

I show how to trigger animations in our game using the Observer pattern. Implementation with Python and Pygame. (more…)

MetPy: Using Python to Understand the Weather (Interview)

What's the weather tomorrow? That's the question that meteorologists are always trying to get better at answering. This week the developers of MetPy discuss how their project is used in that quest and the challenges that are inherent in atmospheric and we... (more…)

Latest News

Deploy your Rust app with one-line, for free

OS Workerd, Cloudflare’s JavaScript/WASM Runtime

Clearview AI, Used by Police to Find Criminals, Is Now in Public Defenders’ Hand