In another thread sciurius suggested a change to the safe_eval() code. I have no objections. I think trying to make everything in a bit of code is pretty much "going down the rabbit hole" stuff. And, frankly, a lot of the discussions are beyond my little brain. And, even more, I sort of expect people using MMA to be honest
That said, sciurius suggests that using empty __builtins__ makes eval() safe. It is echoed in this post:
http://lybniz2.sourceforge.net/safeeval.htmlI'm pretty sure that it is "safe enough". But, of course, if you read posts like:
https://stackoverflow.com/questions/35804961/python-eval-is-it-still-dangerous-if-i-disable-builtins-and-attribute-accessthere are the pundits who err on the safe (no pun intended) side and suggest that no eval() can ever be made safe.
Remembering that I did write my mma code for this many years ago, perhaps it's time for a re-eval (opps, more puns). I think I'll go with the suggestion. Comments before commit?
Oh, it was also suggested to add a call to fetch env variables. Yes, that's a good idea. I think I would use that for getting the values mma is using already. Not sure what other values would be useful, but it seems pretty easy to do.
Comments?