使用ast.literal_eval()
解释包含了Python文字字符串:
>>> import ast
>>> ast.literal_eval("['11', '20', '0']")
['11', '20', '0']
这样比较安全,因为使用eval()
它将拒绝解释任何 非 文字值的东西:
>>> eval("__import__('sys').version")
'2.7.5 (default, Oct 28 2013, 20:45:48) \n[GCC 4.2.1 (Based on Apple Inc. build 5658) (LLVM build 2336.11.00)]'
>>> ast.literal_eval("__import__('sys').version")
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/Users/mj/Development/Library/buildout.python/parts/opt/lib/python2.7/ast.py", line 80, in literal_eval
return _convert(node_or_string)
File "/Users/mj/Development/Library/buildout.python/parts/opt/lib/python2.7/ast.py", line 79, in _convert
raise ValueError('malformed string')
ValueError: malformed string