Just enough Python to write displays
Project description
DisplayLang
The problem: Support a limited subset of the Python language, powerful enough to allow authors to conveniently build HTML displays based on SymPy classes, but limited enough to offer a reasonable expectation of safe evaluation.
We call the language "DisplayLang". It was originally designed for authoring example explorers in Proofscape, but it attempts to solve a fairly general problem, so should be more broadly useful.
In fact the set of AllowedCallable
s for SymPy functions and classes which
can be used in Proofscape is defined in the
pfsc-examp project, not here.
This project is more foundational, defining AST node traversers, providing
the basic framework for defining AllowedCallable
s, and defining these for
built-in Python functions and methods.
The language
The syntax is defined by three things:
- Which statement and expression types in the Python language we support.
- Which callables we allow to be called.
- For the allowed callables, what types the arguments are allowed to be, and, when they are strings, what regexes the strings must match.
The reason for paying special attention to string arguments is that there are functions that are definitely unsafe if they can be passed arbitrary strings, but are probably safe as long as either we don't allow strings to be passed at all, or we allow only strings of certain restricted forms.
Of course we need to be careful about built-in Python callables, such
as exec
and eval
, not to mention things like os.system
. So our overall
solution is to ban all function calls outside a finite, curated, set of
approved calls. The set is expected to grow over time, in response to user
demand.
Among banned statement types are import
statements, which supports the
providing of only a finite, curated set of available names.
Getting started
Better docs are on the way, but for now we offer the following hints for getting started:
-
See the
displaylang.build.DisplayLangProcessor.process()
method, for the core code that processes a string of DisplayLang.- See also the
displaylang.build.make_displaylang_processor()
convenience function for building aDisplayLangProcessor
instance.
- See also the
-
Check out the
displaylang.allow.AllowedCallable.__init__()
method to see how anAllowedCallable
is defined.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file displaylang-0.24.1.tar.gz
.
File metadata
- Download URL: displaylang-0.24.1.tar.gz
- Upload date:
- Size: 32.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.0.0 CPython/3.8.16
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | e2876d95819c6b55fa1cd4b0cb128e0eedd9aafd75a5eec159228f43eb398894 |
|
MD5 | 32aa758bbec081c89d6c3b7368f33019 |
|
BLAKE2b-256 | f05588118b0cd38bc8ffbe7581e143b4156379f7b9daad0e7f29f226f3999a38 |
File details
Details for the file displaylang-0.24.1-py3-none-any.whl
.
File metadata
- Download URL: displaylang-0.24.1-py3-none-any.whl
- Upload date:
- Size: 33.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.0.0 CPython/3.8.16
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | 5c64a3272d9476aa7259f36b1505ac8ffb90667dacf46bdd119ec5433805ef75 |
|
MD5 | f2f69194309b934e0037491e09eb2309 |
|
BLAKE2b-256 | 1295aa6a53248cf8814ec28c875b6495d5961720b969901f8f86571471a6af3a |