Skip to content

Deprecate eval(), replacing it with lambda_eval() and unsafe_eval() #7927

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 6 commits into from
Apr 1, 2024
Merged

Deprecate eval(), replacing it with lambda_eval() and unsafe_eval() #7927

Changes from 1 commit
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
27b10c4
Deprecate eval(), replacing it with lambda_eval() and unsafe_eval()
radarhere Mar 25, 2024
a7e82cb
Removed "In the current version"
radarhere Mar 25, 2024
f932cb8
Added danger alerts
radarhere Mar 25, 2024
f6596d5
Added release notes and document deprecation
radarhere Mar 25, 2024
8f3860c
[pre-commit.ci] auto fixes from pre-commit.com hooks
pre-commit-ci[bot] Apr 1, 2024
f5eeeac
Name as 'options' in lambda_eval and unsafe_eval, but '_dict' in depr…
hugovk Apr 1, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Added danger alerts
  • Loading branch information
@radarhere @hugovk
radarhere authored and hugovk committed Apr 1, 2024
commit f932cb895fcfa369461e6829230a0e22dace8a31
26 changes: 16 additions & 10 deletions docs/reference/ImageMath.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -46,10 +46,13 @@ Example: Using the :py:mod:`~PIL.ImageMath` module

.. py:function:: unsafe_eval(expression, environment)

Evaluates an image expression. This uses Python's ``eval()`` function to process
the expression string, and carries the security risks of doing so. It is not
recommended to process expressions without considering this.
:py:meth:`~lambda_eval` is a more secure alternative.
Evaluates an image expression.

.. danger::
This uses Python's ``eval()`` function to process the expression string,
and carries the security risks of doing so. It is not
recommended to process expressions without considering this.
:py:meth:`lambda_eval` is a more secure alternative.

:py:mod:`~PIL.ImageMath` only supports single-layer images. To process multi-band
images, use the :py:meth:`~PIL.Image.Image.split` method or
Expand All @@ -69,14 +72,17 @@ Example: Using the :py:mod:`~PIL.ImageMath` module
Expression syntax
-----------------

:py:meth:`~lambda_eval` expressions are functions that receive a dictionary containing
images and operators.
* :py:meth:`lambda_eval` expressions are functions that receive a dictionary
containing images and operators.

:py:meth:`~unsafe_eval` expressions are standard Python expressions, but they’re
evaluated in a non-standard environment.
* :py:meth:`unsafe_eval` expressions are standard Python expressions,
but they’re evaluated in a non-standard environment.

In both cases, you can use Pillow methods as usual, plus the following set of operators
and functions.
.. danger::
:py:meth:`unsafe_eval` uses Python's ``eval()`` function to process the
expression string, and carries the security risks of doing so.
It is not recommended to process expressions without considering this.
:py:meth:`lambda_eval` is a more secure alternative.

Standard Operators
^^^^^^^^^^^^^^^^^^
Expand Down