TIL - Python's ast.literal_eval Is the Safe Alternative to eval()
Using eval() on untrusted strings can execute malicious code. ast.literal_eval safely evaluates strings containing Python literals (dicts, lists, tuples, strings, numbers, booleans, and None).
import ast
user_input = "{'name': 'Alice', 'roles': ['admin', 'user']}"
# Safe: only parses literals. Raises ValueError on function calls or variable names.
parsed = ast.literal_eval(user_input)
print(parsed['roles'])  # ['admin', 'user']
Always use ast.literal_eval instead of eval() when you need to parse strings that look like Python data structures.
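A wrapper for the failure cases, as an added example that is not part of the original post: it bounds input size, catches the exceptions the Python documentation lists for `ast.literal_eval`, and checks the result type. The names `parse_literal`, `RejectedInput`, `check` and the 10,000-character cap are assumptions made for illustration, and the sample inputs are constructed.

```python
import ast

MAX_LEN = 10_000  # assumed cap; size it to the largest payload you expect


class RejectedInput(ValueError):
    """The text is not an acceptable literal (hypothetical helper type)."""


def parse_literal(text, expected_type=dict, max_len=MAX_LEN):
    """Parse untrusted text as a Python literal of one expected type."""
    if not isinstance(text, str):
        raise RejectedInput("input must be str")
    # Bound the work before parsing: huge or deeply nested input can
    # exhaust memory or the interpreter stack inside the parser.
    if len(text) > max_len:
        raise RejectedInput("input too long")
    try:
        value = ast.literal_eval(text)
    except (ValueError, SyntaxError, TypeError,
            MemoryError, RecursionError) as exc:
        raise RejectedInput(f"not a literal ({type(exc).__name__})") from exc
    # A valid literal of the wrong shape is still bad input.
    if not isinstance(value, expected_type):
        raise RejectedInput(f"expected {expected_type.__name__}, "
                            f"got {type(value).__name__}")
    return value


def check(text):
    """Return (accepted, value_or_reason) without raising."""
    try:
        return True, parse_literal(text)
    except RejectedInput as exc:
        return False, str(exc)


# Constructed sample inputs, not taken from any real system.
SAMPLES = [
    "{'name': 'Alice', 'roles': ['admin', 'user']}",  # plain literal
    "__import__('os').getcwd()",                      # function call
    "{'role': admin}",                                # bare variable name
    "['admin', 'user']",                              # literal, wrong type
    "{'name': 'Alice'",                               # truncated
    "[" * 20_000,                                     # over the length cap
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample[:40]), "->", check(sample))
```

Only the first sample is accepted; the function call and the bare name are rejected without being executed or looked up.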