#13301: use ast.literal_eval() instead of eval() in Tools/i18n/msgfmt.py. Patch by Serhiy Storchaka.

2 files changed, 9 insertions, 3 deletions

diff --git a/Misc/NEWS b/Misc/NEWS
index 16ddf41..d8821b0 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -530,6 +530,12 @@ Build
 
 - Issue #14437: Fix building the _io module under Cygwin.
 
+Tools/Demos
+-----------
+
+- Issue #13301: use ast.literal_eval() instead of eval() in Tools/i18n/msgfmt.py
+  Patch by Serhiy Storchaka.
+
 Documentation
 -------------
 
diff --git a/Tools/i18n/msgfmt.py b/Tools/i18n/msgfmt.py
index 5dd5430..8c9b9dc 100755
--- a/Tools/i18n/msgfmt.py
+++ b/Tools/i18n/msgfmt.py
@@ -25,8 +25,9 @@ Options:
         Display version information and exit.
 """
 
-import sys
 import os
+import sys
+import ast
 import getopt
 import struct
 import array
@@ -170,8 +171,7 @@ def make(filename, outfile):
         l = l.strip()
         if not l:
             continue
-        # XXX: Does this always follow Python escape semantics?
-        l = eval(l)
+        l = ast.literal_eval(l)
         if section == ID:
             msgid += l
         elif section == STR: