>>>>> "FL" == Fredrik Lundh <fredrik@pythonware.com> writes:
FL> combine 1, 2, and 3 with _getframe(), and you have a
FL> feature that crackers are going to love...
Why?
I've added a note that you should never use no-arg .sub() on strings
that come from untrusted sources. Are there any other specific
security concerns you can identify?
-Barry