问题描述:

Is it possible to use json to execute code? For example can I pass a code object into it or something along those lines?

I guess my question is how does python evaluate json objects, and can this be used to run code?

I want to make sure passing information with json is safe from remote execution.

网友答案:

If you have a Unicode string that contains JSON text; it is always safe (as far as any C code that accepts user input can be) to pass it to json.loads().

Where you pass the results of json.loads() is up to you: if you want to interpret the received data as code; you can do it.

相关阅读:
Top