使用
ast.literal_eval()解释包含了Python文字字符串:
>>> import ast>>> ast.literal_eval("['11', '20', '0']")['11', '20', '0']这样比较安全,因为使用
eval()它将拒绝解释任何 非 文字值的东西:
>>> eval("__import__('sys').version")'2.7.5 (default, Oct 28 2013, 20:45:48) n[GCC 4.2.1 (based on Apple Inc. build 5658) (LLVM build 2336.11.00)]'>>> ast.literal_eval("__import__('sys').version")Traceback (most recent call last): File "<stdin>", line 1, in <module> File "/Users/mj/Development/Library/buildout.python/parts/opt/lib/python2.7/ast.py", line 80, in literal_eval return _convert(node_or_string) File "/Users/mj/Development/Library/buildout.python/parts/opt/lib/python2.7/ast.py", line 79, in _convert raise ValueError('malformed string')ValueError: malformed string
