From: Niklas Norrthon on
On 8 Sep, 05:39, Steven D'Aprano
<ste...(a)> wrote:
> On Mon, 07 Sep 2009 01:54:09 -0700, Niklas Norrthon wrote:
> > Others have answered how to replace '\\n' with '\n'. For a more general
> > approach which will handle all string escape sequences allowed in python
> > (including '\xdd' and similar), python's eval can be used:
> eval can do so much more than handle escape sequences:

Yes, eval is really cool :-)

> quoted_string = ') or __import__("os").system("echo \'Pwn3d\';#rm -rf /"'
> print eval('str(%s)' % quoted_string)
> Every (bad) programmer should pass untrusted strings to eval as a quick
> and unsafe way to do trivial transformations.

It all depends on the origin of the strings of course.

I must admit that I didn't think of str.decode('string_escape') which
of course is the "correct" way to solve the problem (after inspecting
a sample of the input data to make sure it conforms to the
specification, and isn't rtf or some such).

I probably should decrease the volume of quick and dirty one time
hacks I produce...


From: Scott David Daniels on
D'Arcy J.M. Cain wrote:
> On Mon, 7 Sep 2009 15:29:23 +1000
> "jwither" <jwither(a)> wrote:
>> Given a string (read from a file) which contains raw escape sequences,
>> (specifically, slash n), what is the best way to convert that to a parsed
>> string, where the escape sequence has been replaced (specifically, by a
>> NEWLINE token)?
> I don't know what your actual requirement is but maybe this fits:
> exec("print '%s'" % x)

Lots of fun when preceded by:
x = "'; sys.exit(); print 'b"

or far nastier things. Exec is the same level of dangerous as eval.

--Scott David Daniels