Added danger alerts

Andrew Murray 2024-03-26 06:16:09 +11:00 committed by Hugo van Kemenade
parent a7e82cbe9a
commit f932cb895f


@ -46,10 +46,13 @@ Example: Using the :py:mod:`~PIL.ImageMath` module
.. py:function:: unsafe_eval(expression, environment) .. py:function:: unsafe_eval(expression, environment)
Evaluates an image expression. This uses Python's ``eval()`` function to process Evaluates an image expression.
the expression string, and carries the security risks of doing so. It is not
recommended to process expressions without considering this. .. danger::
:py:meth:`~lambda_eval` is a more secure alternative. This uses Python's ``eval()`` function to process the expression string,
and carries the security risks of doing so. It is not
recommended to process expressions without considering this.
:py:meth:`lambda_eval` is a more secure alternative.
:py:mod:`~PIL.ImageMath` only supports single-layer images. To process multi-band :py:mod:`~PIL.ImageMath` only supports single-layer images. To process multi-band
images, use the :py:meth:`~PIL.Image.Image.split` method or images, use the :py:meth:`~PIL.Image.Image.split` method or
@ -69,14 +72,17 @@ Example: Using the :py:mod:`~PIL.ImageMath` module
Expression syntax Expression syntax
----------------- -----------------
:py:meth:`~lambda_eval` expressions are functions that receive a dictionary containing * :py:meth:`lambda_eval` expressions are functions that receive a dictionary
images and operators. containing images and operators.
:py:meth:`~unsafe_eval` expressions are standard Python expressions, but theyre * :py:meth:`unsafe_eval` expressions are standard Python expressions,
evaluated in a non-standard environment. but theyre evaluated in a non-standard environment.
In both cases, you can use Pillow methods as usual, plus the following set of operators .. danger::
and functions. :py:meth:`unsafe_eval` uses Python's ``eval()`` function to process the
expression string, and carries the security risks of doing so.
It is not recommended to process expressions without considering this.
:py:meth:`lambda_eval` is a more secure alternative.
Standard Operators Standard Operators
^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^
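Review bot: the `.. danger::` block added after the two bullets repeats the `unsafe_eval` docstring warning from the first hunk word for word ("uses Python's ``eval()`` function to process the expression string, and carries the security risks of doing so"), which means the two copies will drift the next time the wording is tightened; consider keeping the full warning in one place and making the other a one-line pointer such as "See the warning on :py:func:`unsafe_eval`." The same role issue applies here: `lambda_eval` and `unsafe_eval` are functions, so the bullets and the admonition should use `:py:func:` rather than `:py:meth:`. Finally, the new bullet text keeps "but theyre evaluated in a non-standard environment" from the old line; if the missing apostrophe is in the source rather than an artifact of this view, change it to "they're" while touching the line.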