<p>If you define:</p>
<pre class="lang-py prettyprint-override"><code>def fstr(template):
    # Evaluates the template as an f-string; names resolve against module globals
    return eval(f"f'{template}'")
</code></pre>
<p>Then you can do:</p>
<pre class="lang-py prettyprint-override"><code>name = ["deep", "mahesh", "nirbhay"]
user_input = r"certi_{element}"  # this string is requested from the user
for element in name:
    print(fstr(user_input))
</code></pre>
<p>Output:</p>
<pre><code>certi_deep
certi_mahesh
certi_nirbhay
</code></pre>
<p>But note that the user can put expressions in the template, for example:</p>
<pre class="lang-py prettyprint-override"><code>import os  # assume you have used os somewhere
user_input = r"certi_{os.environ}"
for element in name:
    print(fstr(user_input))
</code></pre>
<p>You definitely don't want that!</p>
<p>A safer option is therefore to define:</p>
<pre class="lang-py prettyprint-override"><code>def fstr(template, **kwargs):
    # kwargs becomes the globals dict that eval uses for name lookup
    return eval(f"f'{template}'", kwargs)
</code></pre>
<p>Arbitrary code is no longer possible, but the user can still use string expressions such as:</p>
<pre class="lang-py prettyprint-override"><code>user_input = r"certi_{element.upper()*2}"
for element in name:
    print(fstr(user_input, element=element))
</code></pre>
<p>Output:</p>
<pre><code>certi_DEEPDEEP
certi_MAHESHMAHESH
certi_NIRBHAYNIRBHAY
</code></pre>
<p>This may be desirable in some cases.</p>
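<p>Added example, not part of the original answer: <code>eval()</code> inserts <code>__builtins__</code> into a globals dict that lacks it, so the <code>kwargs</code> version still evaluates whatever expression the template holds. When only name substitution is needed, a <code>string.Formatter</code> subclass that accepts bare field names avoids <code>eval</code> altogether; <code>FieldOnlyFormatter</code>, <code>render</code> and <code>is_rejected</code> are names chosen for this sketch.</p>

```python
import string


class FieldOnlyFormatter(string.Formatter):
    """Substitute plain {name} fields; never evaluate template text as code."""

    def get_field(self, field_name, args, kwargs):
        # str.format syntax also accepts {a.b} and {a[0]}; allow neither,
        # so a template cannot walk from a value to other objects.
        if not field_name.isidentifier():
            raise ValueError(f"disallowed field expression: {field_name!r}")
        if field_name not in kwargs:
            raise KeyError(field_name)
        return kwargs[field_name], field_name


def render(template, **values):
    """Fill the template using only the values passed explicitly."""
    return FieldOnlyFormatter().vformat(template, (), values)


def is_rejected(template, **values):
    """True when the template asks for anything beyond a known bare name."""
    try:
        render(template, **values)
    except (ValueError, KeyError):
        return True
    return False


if __name__ == "__main__":
    names = ["deep", "mahesh", "nirbhay"]  # same sample data as the answer
    for element in names:
        print(render("certi_{element}", element=element))
    # Templates from the answer that relied on expression evaluation
    for template in ("certi_{os.environ}", "certi_{element.upper()*2}"):
        print(template, "rejected:", is_rejected(template, element="deep"))
```

<p>Format specs and conversions such as <code>{element:&gt;10}</code> or <code>{element!r}</code> still work, because they are applied to the supplied value rather than evaluated as code.</p>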