@@ -1591,20 +1591,28 @@ and classes for traversing abstract syntax trees:
15911591
15921592..function ::literal_eval(node_or_string)
15931593
1594- Safely evaluate an expression node or a string containing a Python literal or
1594+ Evaluate an expression node or a string containing only a Python literal or
15951595 container display. The string or node provided may only consist of the
15961596 following Python literal structures: strings, bytes, numbers, tuples, lists,
15971597 dicts, sets, booleans, and ``None ``.
15981598
1599- This can be used for safely evaluating strings containing Python values from
1600- untrusted sources without the need to parse the values oneself. It is not
1601- capable of evaluating arbitrarily complex expressions, for example involving
1602- operators or indexing.
1599+ This can be used for evaluating strings containing Python values without the
1600+ need to parse the values oneself. It is not capable of evaluating
1601+ arbitrarily complex expressions, for example involving operators or
1602+ indexing.
1603+
1604+ This function had been documented as "safe" in the past without defining
1605+ what that meant. That was misleading. This is specifically designed not to
1606+ execute Python code, unlike the more general:func: `eval `. There is no
1607+ namespace, no name lookups, or ability to call out. But it is not free from
1608+ attack: A relatively small input can lead to memory exhaustion or to C stack
1609+ exhaustion, crashing the process. There is also the possibility for
1610+ excessive CPU consumption denial of service on some inputs. Calling it on
1611+ untrusted data is thus not recommended.
16031612
16041613 ..warning ::
1605- It is possible to crash the Python interpreter with a
1606- sufficiently large/complex string due to stack depth limitations
1607- in Python's AST compiler.
1614+ It is possible to crash the Python interpreter due to stack depth
1615+ limitations in Python's AST compiler.
16081616
16091617 ..versionchanged ::3.2
16101618 Now allows bytes and set literals.