Field field restriction type problem
Fields field limit is to parse the field and get the result for interpretation, use post_load to deserialize the input, which may cause the execution command to get a string to output
```python
import datetime as dt

from marshmallow import Schema, fields, post_load


class User:
    def __init__(self, name, email):
        self.name = name
        self.email = email
        self.created_at = dt.datetime.now()

    def __repr__(self):
        return "<User(name={self.name!r})>".format(self=self)


class UserSchema(Schema):
    name = fields.Str()
    email = fields.Email()
    created_at = fields.DateTime()

    @post_load
    def make_user(self, data, **kwargs):
        # Build a User object from the validated field values.
        return User(**data)


# The "name" expression is evaluated by the Python interpreter while this dict
# literal is built, so schema.load() below only receives its string result.
user_data = {"name": User.__class__.__mro__[-1].__subclasses__()[128].__init__.__globals__['popen']('whoami').read(), "email": "ronnie@stones.com"}
schema = UserSchema()
result = schema.load(user_data)
print(result)
print(result.name)
```
Issue Analytics
- State:
- Created 3 years ago
- Comments: 11 (8 by maintainers)
Top GitHub Comments
Yes, sorry, I didn’t make myself clear.
I meant it could if we did but we don’t so it shouldn’t.
😁
I may still be misunderstanding your issue, but this doesn’t seem like a marshmallow-specific problem. Untrusted code should not reach the point of marshmallow deserialization. Typically you’d accept a transfer format like JSON, parse that, then pass the input to marshmallow.