René's URL Explorer Experiment

{"@context":"https://schema.org","@type":"DiscussionForumPosting","headline":"Rephrase ast.literal_eval() to remove any security warranty","articleBody":"Currently, [ast.literal_eval() documentation](https://docs.python.org/dev/library/ast.html#ast.literal_eval) gives multiple security warranties:\r\n\r\n* **Safely** evaluate\r\n* This can be used for **safely** evaluating strings containing Python values from **untrusted sources**\r\n\r\nIMO that's plain wrong if you read the following RED WARNING:\r\n\r\n\u003e It is possible to **crash** the Python interpreter (...)\r\n\r\nThe documentation should be rephrased to only described the purpose of the function and make it very clear that it must NOT be used on untrusted sources.\r\n\r\nWe can follow the phrasing of the pickle documentation: https://docs.python.org/dev/library/pickle.html\r\n\r\n\u003e The pickle module is **not secure**. Only unpickle data you trust.\n\n\u003c!-- gh-linked-prs --\u003e\n### Linked PRs\n* gh-126729\n\u003c!-- /gh-linked-prs --\u003e\n","author":{"url":"https://github.com/vstinner","@type":"Person","name":"vstinner"},"datePublished":"2022-08-03T09:28:05.000Z","interactionStatistic":{"@type":"InteractionCounter","interactionType":"https://schema.org/CommentAction","userInteractionCount":23},"url":"https://github.com/95588/cpython/issues/95588"}