eval | 易学教程

Matlab Attempt to execute script as a function

阅读更多关于 Matlab Attempt to execute script as a function

问题 I have a matlab script, lets call it "master.m", that loads a file called "config.m". config.m contains all the variables used in master.m so that they can be changed easily without editing any of the code. Problem is, I am trying to get the main function in master.m to load config.m based on the user input. So basically I want the user to be able to specify the name of the file to load. For instance if config.m was called testing.m then the user could type at the matlab prompt: >> master

getScript or eval in specific location?

阅读更多关于 getScript or eval in specific location?

问题 I was wondering if eval (or some variant of jQuery's getScript) can be used to position external javascript in places other than the end of the DOM or at the head. I've tried: var head = document.getElementById("fig"); instead of var head = document.getElementsById("head")[0]; with var script = document.createElement("script"); script.text = $(".code").val(); head.appendChild(script); But I can't seem to get it to work regardless. (The code does work, but Firebug shows the code being replaced

python-Flask模版注入攻击SSTI(python沙盒逃逸)

阅读更多关于 python-Flask模版注入攻击SSTI(python沙盒逃逸)

一篇以python Flask 模版渲染为例子的SSTI注入教学~ 0x01 Flask使用和渲染这里简化了flask使用和渲染的教程只把在安全中我们需要关注的部分写出来来一段最简单的FLASK运行代码: 很简单的flask使用将url的qing和方法绑定返回"qing - Flask test"字符串说一下模版渲染Jinja2中变量控制结构 {% %} 变量取值 {{ }} 注释 {# #} jinja2模板中使用 {{ }} 语法表示一个变量，它是一种特殊的占位符。当利用jinja2进行渲染的时候，它会把这些特殊的占位符进行填充/替换，jinja2支持python中所有的Python数据类型比如列表、字段、对象等 inja2中的过滤器可以理解为是 jinja2里面的内置函数和字符串处理函数。被两个括号包裹的内容会输出其表达式的值再来看看ssti中我们需要关注的渲染方法和模版 flask的渲染方法有 render_template 和 render_template_string 两种 render_template()用来渲染指定的文件: return render_template('index.html') render_template_string则是用来渲染字符串 html = '<h1>This is a String</h1>'

北京地铁线路规划系统——总结

阅读更多关于北京地铁线路规划系统——总结

目录项目概况数据流分析文件结构与存储结构文件结构存储结构站点信息业务逻辑实现（subwayFunction.py）数据预处理 dijkstra算法输出文件异常处理前端搭建结果呈现本地测试 web端测试项目概况 Github项目源代码地址： https://github.com/NewWesternCEO/beijing_subway/ web端直接访问地址： http://54.162.90.89:8010 该项目在Python3.6环境下开发若不通过web端进行访问，在下载源码后运行 app.py 代码即可代码的运行需要先安装好Flask库与numpy库，可以在以下方式中二选一进行安装 Numpy库可以通过 pip install Numpy 进行安装 Flask库可以通过 pip install Flask 进行安装在虚拟环境下建议使用 pip install -r requirements.txt 命令从requirements.txt文件中自动安装所有所需库数据流分析由于该工程所需要处理的数据较少，且数据处理过程为实时处理，因此不采用数据库进行存储。文件结构与存储结构文件结构 └── SubwayApp │ └── pycache │ └── static //项目资源 │ │ └── css │ │ └── images │ │

Security considerations using “new Function(…)” (during rendertime, expression coming from my Javascript sources)

阅读更多关于 Security considerations using “new Function(…)” (during rendertime, expression coming from my Javascript sources)

问题 I'd like to use new Function(...) to generate a function from very reduced code. I'l like to do this to avoid parsing the expression on my own and being as flexible as possible. I avoid eval() whenever possible. But I'm not sure if it's secure enough to use new Function(...) which is also known as being liable to security holes. Background I want to manage the states of menu buttons. So, while defining the buttons, I'd like to write something like { ..., // More button definition state:

What does the asterisk do in Python other than multiplication and exponentiation? [duplicate]

阅读更多关于 What does the asterisk do in Python other than multiplication and exponentiation? [duplicate]

This question already has an answer here: asterisk in function call 3 answers proper name for python * operator? 7 answers In Peter Norvig's Lisp interpreter written in Python ( http://norvig.com/lispy.html ), he defines Lisp's eval as follows: def eval(x, env=global_env): "Evaluate an expression in an environment." if isa(x, Symbol): # variable reference return env.find(x)[x] elif not isa(x, list): # constant literal return x elif x[0] == 'quote': # (quote exp) (_, exp) = x return exp elif x[0] == 'if': # (if test conseq alt) (_, test, conseq, alt) = x return eval((conseq if eval(test, env)

How do Chrome and Firefox print the object's class name in the console?

阅读更多关于 How do Chrome and Firefox print the object's class name in the console?

问题 If I create a Foo class using "traditional" Javascript classes, both chrome and Firefox will show the Foo name when printing Foo instances on the console: function Foo(){ this.x = 10; } console.log(new Foo()); // Foo {x: 10} On the other hand, if I use hand rolled prototypal inheritance then I don't get the helpful name when debugging function mkClass(init, proto){ return function(/**/){ var obj = Object.create(proto); init.apply(obj, arguments); return obj; } } var Bar = mkClass(function(){

Convert list of positions [4, 1, 2] of arbitrary length to an index for a nested list

阅读更多关于 Convert list of positions [4, 1, 2] of arbitrary length to an index for a nested list

Assuming this list nestedList = ["a", "b", [1, 2, 3], "c",[4, 5, 6, [100, 200, 300]], "d"] I have a function that returns a position list for a nested list of arbitrary depth. Examples : [2, 1] -> "2" [5] -> "d" [4, 3, 2] -> "300" As you can see it is not clear in the beginning how many levels of nesting there are. Additional Problem For list modifications I want to use the [:] or [4:] or [0:1] notations. For a human its very easy to do: simply add as many index position as you need to. nestedList[2][1] nestedList[5] nestedList[4][3][2] nestedList[4][1:] = NewItem + nestedList[4][1:] #insert

Convert list of positions [4, 1, 2] of arbitrary length to an index for a nested list

阅读更多关于 Convert list of positions [4, 1, 2] of arbitrary length to an index for a nested list

问题 Assuming this list nestedList = ["a", "b", [1, 2, 3], "c",[4, 5, 6, [100, 200, 300]], "d"] I have a function that returns a position list for a nested list of arbitrary depth. Examples : [2, 1] -> "2" [5] -> "d" [4, 3, 2] -> "300" As you can see it is not clear in the beginning how many levels of nesting there are. Additional Problem For list modifications I want to use the [:] or [4:] or [0:1] notations. For a human its very easy to do: simply add as many index position as you need to.

Alternative to eval in Python

阅读更多关于 Alternative to eval in Python

问题 Python eval is quite slow. I need to evaluate simple boolean expression with logical operators (like "True or False"). I am doing this for thousands of line of data and eval is a huge bottleneck in terms of performance. It's really slow.. Any alternative approaches? I tried creating a dict of possible expression combinations and their expected output, but this is really ugly! I have the following code at the moment: eval('%s %s %s' % (True, operator, False)) 回答1: import operator ops = { 'or':

订阅 eval