Improper Neutralization of Directives in Dynamically Evaluated Code ("Eval Injection")

Time: 2019-07-03 15:05:33

Tags: python eval code-injection

Why am I getting an Eval Injection error?

<nav class="navbar navbar-expand-lg navbar-light">


    <div class="navbar-header">
      <button class="navbar-toggler" data-toggle="collapse" data-target="#navbarMenu">
                <span class="navbar-toggler-icon">
                </span>
    </button>
    </div>


    <ul class="navbar-brand order-md-last" style="margin-top: 5px;">

      <img src="logo.png" class="centered-navbar-image" width="75" />

    <h1 class="navbar-brand">brand 1</h1>
    <h1 class="navbar-brand">brand 2</h1>
    </ul>


    <div class="collapse navbar-collapse ml-auto" id="navbarMenu">
      <ul class="navbar-nav">
        <li class="nav-item">
          <a href="index.html" class="nav-link">Home</a>
        </li>

        <li class="nav-item">
          <a href="about_us.html" class="nav-link">About Us</a>
        </li>

        <li class="nav-item">
          <a href="contact_us.html" class="nav-link">Contact Us</a>
        </li>

        <li class="nav-item">
          <a href="services.html" class="nav-link">Products</a>
        </li>
      </ul>

    </div>



  </nav>

1 answer:

Answer 0: (score: 0)

Use ast.literal_eval instead of eval

Code:

import sys
from ast import literal_eval as eval
# logger is assumed to be defined earlier in the script
if len(sys.argv) > 1:
    eval(sys.argv[1])(logger, *sys.argv[2:])

Eval is dangerous
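
An added example, not part of the original answer: ast.literal_eval only returns literals (numbers, strings, lists, dicts), never a callable, so when argv[1] is meant to pick a function to call, an allowlist lookup is the usual replacement for eval. The handler names `backup` and `restore` and the `COMMANDS` table are hypothetical stand-ins for whatever functions the script exposes.

```python
import ast
import logging


# Hypothetical handlers standing in for the functions the script exposes.
def backup(logger, *args):
    logger.info("backup %s", args)
    return ("backup", args)


def restore(logger, *args):
    logger.info("restore %s", args)
    return ("restore", args)


# Allowlist: the only names a command-line argument is allowed to select.
COMMANDS = {"backup": backup, "restore": restore}


def dispatch(argv, logger):
    """Call the handler named by argv[1]; reject anything not allowlisted."""
    if len(argv) < 2:
        raise SystemExit("usage: script.py <command> [args...]")
    handler = COMMANDS.get(argv[1])
    if handler is None:
        # The argument is only ever used as a dictionary key, never evaluated.
        raise ValueError(f"unknown command: {argv[1]!r}")
    return handler(logger, *argv[2:])


def literal_eval_result(text):
    """Return what ast.literal_eval yields for text, or the error name."""
    try:
        return ast.literal_eval(text)
    except (ValueError, SyntaxError) as exc:
        return type(exc).__name__


if __name__ == "__main__":
    import sys
    logging.basicConfig(level=logging.INFO)
    print(dispatch(sys.argv, logging.getLogger("cli")))
```
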