I have a piece of code that receives a string formatted as a Python dictionary, "{'a':'1','b':'2',...}", which I need to convert to a proper dictionary.
I have tried two approaches, using json.loads(s) and ast.literal_eval(s).
ast seems to be much more robust, accepting any form of quotes in the string and "just works" while json seems to be very picky about the quoting specifics and wouldn't fail on only a single form of quote format. I really would like to be as flexible as possible with the input and thus prefer to use ast; however, some of my colleagues claim it might not be a "safe" module and function to use.
Can anyone advise on ast and ast.literal_eval() safety, especially compared to json.loads()?
Thanks
Use ast.literal_eval() - it's designed to do what you want. JSON happens to work as the syntax matches, but that isn't something you should rely on.
As to safety, literal_eval() is specifically designed to be safe to use on data from untrusted sources. The first word of the docs, in fact, is 'Safely':
Those that advised you against using it were probably thinking of eval(), which is indeed unsafe.
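An added example, not part of the original question or answer: a wrapper that parses the dictionary string with ast.literal_eval(), caps the input size (the Python documentation notes that a large or deeply nested literal can still exhaust memory or the stack), and checks the resulting shape. The function names and the 10,000-character cap are assumptions chosen for illustration.

```python
import ast
import json

MAX_LEN = 10_000  # assumed cap; set it to the largest input you expect


def parse_dict_literal(text, max_len=MAX_LEN):
    """Parse an untrusted "{'a':'1', ...}" string into a dict of str -> str."""
    if not isinstance(text, str) or len(text) > max_len:
        raise ValueError("input missing or too large")
    try:
        # literal_eval only builds literals; names, calls and operators
        # such as len('x') are rejected instead of being executed.
        value = ast.literal_eval(text)
    except (ValueError, TypeError, SyntaxError,
            MemoryError, RecursionError) as exc:
        raise ValueError(f"not a Python literal: {type(exc).__name__}") from exc
    # A valid literal can still be a list, a number or a set: check the shape.
    if not isinstance(value, dict):
        raise ValueError("top-level value is not a dict")
    for key, val in value.items():
        if not isinstance(key, str) or not isinstance(val, str):
            raise ValueError("keys and values must be strings")
    return value


def json_accepts(text):
    """True if json.loads() parses the text (JSON requires double quotes)."""
    try:
        json.loads(text)
        return True
    except json.JSONDecodeError:
        return False


def rejected(text):
    """True if parse_dict_literal() refuses the text."""
    try:
        parse_dict_literal(text)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ("{'a':'1','b':'2'}", '{"a":"1"}', "{'a': len('x')}", "[1, 2]"):
        print(repr(sample), "json:", json_accepts(sample),
              "rejected:", rejected(sample))
```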