Python transfer code with json

Question

Is it possible to use json to execute code? For example can I pass a code object into it or something along those lines? I guess my question is how does python evaluate json objects, and can this be used to run code? I want to make sure passing information with json is safe from remote execution.

Answer 1

If you have a Unicode string that contains JSON text; it is always safe ^{(as far as any C code that accepts user input can be)} to pass it to json.loads().

Where you pass the results of json.loads() is up to you: if you want to interpret the received data as code; you can do it.