bcoates 6 days ago
Right, and then if you do literally anything with the output other than print() to a tty, it’s an escaping/injection attack. any_func(f"{attacker_provided}") <=> eval(attacker_provided), from a security/correctness perspective
saagarjha 4 days ago
How is this any different from any_func(attacker_provided)?
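
An added example, not part of either comment above: it uses Python's sqlite3 as a stand-in for any_func to show when interpolated text reaches a parser as syntax and when it stays data. The table, the function names and the input string are constructed for illustration.

```python
import sqlite3

# Constructed sample input standing in for attacker_provided.
CONSTRUCTED_INPUT = "nobody' OR '1'='1"


def make_db():
    """Build a throwaway in-memory database with two constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "a-secret"), ("bob", "b-secret")],
    )
    return db


def passthrough_is_identity(value: str) -> bool:
    """A bare f"{value}" of a str is the same string; formatting alone adds nothing."""
    return f"{value}" == value


def lookup_fstring(db, name: str):
    """Sink parses the whole string: the interpolated text becomes SQL syntax."""
    query = f"SELECT secret FROM users WHERE name = '{name}'"
    return db.execute(query).fetchall()


def lookup_bound(db, name: str):
    """Sink receives template and value separately: the text stays a value."""
    return db.execute(
        "SELECT secret FROM users WHERE name = ?", (name,)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("identity:", passthrough_is_identity(CONSTRUCTED_INPUT))
    print("f-string sink:", lookup_fstring(db, CONSTRUCTED_INPUT))
    print("bound parameter:", lookup_bound(db, CONSTRUCTED_INPUT))
```

The same input returns every row through the interpolated query and no rows through the bound parameter, so the check worth making in review is whether the sink ever parses a string that mixes a trusted template with untrusted text.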