Input is not safe

[zwang20]

Malicious code may be injected into the program through the function input

[Edward-Ji]

Partially fixed. Call to classes like Func(), Var() won't run. However, calls to built-in functions like print() still create unwanted results.

[Edward-Ji]

Python's built-in eval() method is notorious for its lack of security. There are multiple ways to improve it. If we require better security and functionality, we tend to need fancier methods. For starters, we can make it somewhat safer by limiting the environment. We can pass maths variables and functions as arguments instead of evaluating them in a global scope. If we demand even better security, we may need to convert to a standard library parse, like the one in ast. Or even better, we should write a custom parser. The rabbit hole just gets deeper and deeper.