Be Careful with Python’s New-Style String Format

This should have been obvious to me for a longer time, but until earlier
today I did not really realize the severity of the issues caused by
str.format on untrusted user input. It came up as a way to bypass the
Jinja2 Sandbox in a way that would permit r…

Read full article

Similar

Generating hash collisions with Python

The personal blog of Josh Imbriani. I write about technology, programming, production, photography and roller coasters.

Spleeter, a Python+tensorflow voice-from-everything-else separation algorithm

We are releasing Spleeter to help the research community in Music Information Retrieval leverage the power of a state-of-the-art source… (more…)

Python 2.7.18, the End of an Era

I'm eudaemonic to announce the immediate availability of Python 2.7.18. (more…)

Performance measurement in Python 3

Performance measurement is the process of collecting and understanding information regarding the performance of some code.

Python 3.10.0a2 is now available for testing

The engines of the secret release manager machine have finished producing a new pre-release. Go get it here: (more…)

Latest News

AI in Business: Can Ethics Be Reduced to Metrics?

PyScript with WebAssembly and Python – Talk Python #367 Live Stream

Python iOS Web App with pyscript and offline PWAs