summaryrefslogtreecommitdiffstats
path: root/Modules/_decimal
diff options
context:
space:
mode:
authorFlorian Bruhin <me@the-compiler.org>2020-10-06 14:21:56 (GMT)
committerGitHub <noreply@github.com>2020-10-06 14:21:56 (GMT)
commita8bf44d04915f7366d9f8dfbf84822ac37a4bab3 (patch)
tree125751f9aff69c9fcdca241b285ff0827cbf30e7 /Modules/_decimal
parent2ef5caa58febc8968e670e39e3d37cf8eef3cab8 (diff)
downloadcpython-a8bf44d04915f7366d9f8dfbf84822ac37a4bab3.zip
cpython-a8bf44d04915f7366d9f8dfbf84822ac37a4bab3.tar.gz
cpython-a8bf44d04915f7366d9f8dfbf84822ac37a4bab3.tar.bz2
bpo-41944: No longer call eval() on content received via HTTP in the UnicodeNames tests (GH-22575)
Similarly to GH-22566, those tests called eval() on content received via HTTP in test_named_sequences_full. This likely isn't exploitable because unicodedata.lookup(seqname) is called before self.checkletter(seqname, None) - thus any string which isn't a valid unicode character name wouldn't ever reach the checkletter method. Still, it's probably better to be safe than sorry.
Diffstat (limited to 'Modules/_decimal')
0 files changed, 0 insertions, 0 deletions