VimPlug/jedi
1
0
Fork 1
mirror of https://github.com/davidhalter/jedi.git synced 2026-05-24 17:28:36 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

note about security, fixes #38

Browse Source
This commit is contained in:
David Halter
2012-10-23 16:12:01 +02:00
parent 86eb8f24f7
commit 3de6603cf8
1 changed files with 10 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
README.rst
+10
View File
@@ -136,6 +136,16 @@ the first time. If you want to speed it up, you could write import hooks in
jedi, which preloads this stuff. However, once loaded, this is not a problem jedi, which preloads this stuff. However, once loaded, this is not a problem
anymore. The same is true for huge modules like ``PySide``, ``wx``, etc. anymore. The same is true for huge modules like ``PySide``, ``wx``, etc.
Security is an important issue for Jedi. Therefore no Python code is executed.
As long as you write pure python, everything is evaluated statically. But: If
you use builtin modules (`c_builtin`) there is no other option than to execute
those modules. However: Execute isn't that critical (as e.g. in pythoncomplete,
which used to execute *every* import!), because it means one import and no
more. So basically the only dangerous thing is using the import itself. If your
`c_builtin` uses some strange initializations, it might be dangerous. But if it
does you're screwed anyways, because eventualy you're going to execute your
code, which executes the import.
A little history A little history
================ ================