通过Python的eval()运行JSON? [英] Running JSON through Python's eval()?

问题描述

除了最佳实践，是否有令人信服的理由不这样做?

Best practices aside, is there a compelling reason not to do this?

我正在编写一个与Google Code项目一起使用的提交后挂钩，该挂钩通过JSON对象提供提交数据. GC随请求(JSON数据之外)一起提供了HMAC身份验证令牌，因此，通过验证该令牌，我可以高度确信JSON数据既是良性的(因为不信任Google毫无用处)又是有效的.

I'm writing a post-commit hook for use with a Google Code project, which provides commit data via a JSON object. GC provides an HMAC authentication token along with the request (outside the JSON data), so by validating that token I gain high confidence that the JSON data is both benign (as there's little point in distrusting Google) and valid.

我自己的(简短的)调查表明，除了"\/"转义序列(GC似乎没有生成)之外，JSON碰巧是完全有效的Python.

My own (brief) investigations suggest that JSON happens to be completely valid Python, with the exception of the "\/" escape sequence — which GC doesn't appear to generate.

因此，当我使用Python 2.4(即没有json模块)时，eval()看起来确实很诱人.

So, as I'm working with Python 2.4 (i.e. no json module), eval() is looking really tempting.

作为记录，我非常不询问这是否是一个好主意.我相当知道它不是，而且我非常怀疑我是否会在将来的任何项目中使用这种技术，即使我最终将其用于此项目.我只是想确保我知道如果这样做会遇到什么样的麻烦. :-)

For the record, I am very much not asking if this is a good idea. I'm quite aware that it isn't, and I very much doubt I'll ever use this technique for any future projects even if I end up using it for this one. I just wanted to make sure that I know what kind of trouble I'll run into if I do. :-)

推荐答案

如果您对脚本可以在一段时间内正常工作感到满意，然后在某些晦涩的边缘情况下随机失败，则可以使用eval.

If you're comfortable with your script working fine for a while, and then randomly failing on some obscure edge case, I would go with eval.

如果重要的是代码要健壮，我会花时间添加simplejson.您不需要C部分来加快速度，因此确实不难将一些.py文件转储到某个目录中.

If it's important that your code be robust, I would take the time to add simplejson. You don't need the C portion for speedups, so it really shouldn't be hard to dump a few .py files into a directory somewhere.

作为一个可能会咬你的东西的示例，JSON使用Unicode，而simplejson返回Unicode，而eval返回str:

As an example of something that might bite you, JSON uses Unicode and simplejson returns Unicode, whereas eval returns str:

>>> simplejson.loads('{"a":1, "b":2}')
{u'a': 1, u'b': 2}
>>> eval('{"a":1, "b":2}')
{'a': 1, 'b': 2}

eval()表现不同的一个更好的例子:

a better example of where eval() behaves differently:

>>> simplejson.loads('{"X": "\uabcd"}')
{u'X': u'\uabcd'}
>>> eval('{"X": "\uabcd"}')
{'X': '\\uabcd'}
>>> simplejson.loads('{"X": "\uabcd"}') == eval('{"X": "\uabcd"}')
False

今天看到了SilentGhost指出的另一个问题:eval无法处理true-> true，false-> False，null->正确无.

Edit 2: saw yet another problem today pointed out by SilentGhost: eval doesn't handle true -> True, false -> False, null -> None correctly.

>>> simplejson.loads('[false, true, null]')
[False, True, None]
>>> eval('[false, true, null]')
Traceback (most recent call last):
  File "<interactive input>", line 1, in <module>
  File "<string>", line 1, in <module>
NameError: name 'false' is not defined
>>> 

这篇关于通过Python的eval()运行JSON?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！