Why should exec() and eval() be avoided?

Happy的楠姐 2020-11-22 00:16

I've seen this multiple times in multiple places, but never have found a satisfying explanation as to why this should be the case.

So, hopefully, one will be prese

11 Answers
  •  爱一瞬间的悲伤
    2020-11-22 00:48

    Try this in the interactive interpreter and see what happens:

    >>> import sys
    >>> eval('{"name" : %s}' % ("sys.exit(1)"))
    

    Of course, this is a corner case, but it can be tricky to prevent things like this.
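
The one-liner from the answer above beside a data-only parse, as an added example that is not part of the original answer. The function names are hypothetical, the sample inputs are constructed, and it assumes the goal is to read a literal value rather than run code, so `ast.literal_eval` stands in for `eval()`.

```python
import ast
import sys  # must be in scope for the eval() payload from the answer to run

TEMPLATE = '{"name" : %s}'  # template string taken from the answer above


def build_with_eval(value_src):
    """Vulnerable form from the answer: value_src is executed as Python code."""
    try:
        return ("ok", eval(TEMPLATE % value_src))
    except SystemExit as exc:
        # In the interactive interpreter this would have ended the session.
        return ("code-executed", f"SystemExit({exc.code})")


def build_with_literal_eval(value_src):
    """Hardened form: literal_eval accepts literal syntax only and calls nothing."""
    try:
        return ("ok", ast.literal_eval(TEMPLATE % value_src))
    except (ValueError, SyntaxError) as exc:
        return ("rejected", type(exc).__name__)


def non_literal_nodes(value_src):
    """Explain a rejection: AST node types in the expression that are not plain data."""
    allowed = (ast.Expression, ast.Dict, ast.List, ast.Tuple, ast.Set,
               ast.Constant, ast.Load, ast.UnaryOp, ast.USub, ast.UAdd)
    tree = ast.parse(TEMPLATE % value_src, mode="eval")  # parse only, no execution
    return sorted({type(node).__name__ for node in ast.walk(tree)
                   if not isinstance(node, allowed)})


if __name__ == "__main__":
    for sample in ('"alice"', "sys.exit(1)"):  # constructed inputs
        print(sample, build_with_eval(sample),
              build_with_literal_eval(sample), non_literal_nodes(sample))
```

The node listing is useful in logs: it records why an input was refused without ever evaluating it.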
