#13301: use ast.literal_eval() instead of eval() in Tools/i18n/msgfmt.py. Patch...

diff --git a/Misc/NEWS b/Misc/NEWS
index 16ddf41e288c81a2c2a6e6eaba1311073cf5fbb0..d8821b0e5cad0f4e274d0688cae14d429d590a96 100644 (file)
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -530,6 +530,12 @@ Build
 
 - Issue #14437: Fix building the _io module under Cygwin.
 
+Tools/Demos
+-----------
+
+- Issue #13301: use ast.literal_eval() instead of eval() in Tools/i18n/msgfmt.py
+  Patch by Serhiy Storchaka.
+
 Documentation
 -------------
 

diff --git a/Tools/i18n/msgfmt.py b/Tools/i18n/msgfmt.py
index 5dd5430a5242d4341f1fde7c430982fcfbb5f237..8c9b9dc9a34170fe8f6f1f3afc1c0f30192cce1b 100755 (executable)
--- a/Tools/i18n/msgfmt.py
+++ b/Tools/i18n/msgfmt.py
@@ -25,8 +25,9 @@ Options:
         Display version information and exit.
 """
 
-import sys
 import os
+import sys
+import ast
 import getopt
 import struct
 import array
@@ -170,8 +171,7 @@ def make(filename, outfile):
         l = l.strip()
         if not l:
             continue
-        # XXX: Does this always follow Python escape semantics?
-        l = eval(l)
+        l = ast.literal_eval(l)
         if section == ID:
             msgid += l
         elif section == STR: