Security vulnerability in str.format in Python

This should have been obvious to me for a long time, but until earlier
today I did not really realize the severity of the issues caused by
str.format on untrusted user input. It came up as a way to bypass the
Jinja2 Sandbox in a way that would permit r…
