The pattern [\S\s]*? admits a lot. Why are you confident that it can't
contain a string that, for example, closes the function with an unbalanced
"}", then has an evil expression which evaluates, followed by an
unbalanced "{" so the whole thing still parses?

On Sun, Mar 22, 2015 at 7:38 AM, Andrea Giammarchi <
andrea.giammar...@gmail.com> wrote:

> Hi Mark, thanks for pointing that out but if I understand the problem
> correctly then the snippet I've suggested concatenates strings and will
> never produce those problematic syntax errors. Can I say it's still safe?
> Or do you think it might have some problem in Safari?
>
> Cheers
>
> On Sun, Mar 22, 2015 at 11:28 AM, Mark S. Miller <erig...@google.com>
> wrote:
>
>>
>>
>> On Sun, Mar 22, 2015 at 6:46 AM, Andrea Giammarchi <
>> andrea.giammar...@gmail.com> wrote:
>>
>>> There's no such functionality indeed but you might want to have a look
>>> at this gist: https://gist.github.com/WebReflection/8f227532143e63649804
>>>
>>> It gives you the ability to write
>>> `'test1 ${1 + 2} test2 ${3 + 4}'.template();` and read `test1 3 test2 7`
>>> or to pass an object similar to .NET String.format so that your Stack
>>> Overflow code would be like the following:
>>>
>>> ```js
>>>
>>> let a = "b:${b}";
>>> let b = 10;
>>>
>>> console.log(a.template({b:b}));
>>>
>>> // or
>>>
>>> console.log(a.template({b:27}));
>>>
>>> ```
>>>
>>> You pass named properties and it works with nested properties too (i.e.
>>> ${down.the.road})
>>>
>>> It does use Function which is safe,
>>>
>>
>>
>> Function is safe almost everywhere, but it is worth pointing out
>>
>> https://bugs.webkit.org/show_bug.cgi?id=106160
>> https://bugs.webkit.org/show_bug.cgi?id=131137
>> test_CANT_SAFELY_VERIFY_SYNTAX at
>> https://code.google.com/p/google-caja/source/browse/trunk/src/com/google/caja/ses/repairES5.js#3198
>> repair_CANT_SAFELY_VERIFY_SYNTAX at
>> https://code.google.com/p/google-caja/source/browse/trunk/src/com/google/caja/ses/repairES5.js#4170
>>
>> After the repair, the Function constructor is safe again on Safari, but
>> at considerable expense.
>>
>>
>>
>>
>>> compared to eval, and needed to eventually de-opt from 'use strict' but
>>> of course you could write your own parser avoiding Function completely.
>>>
>>> Finally, I agree it would be nice to be able to have a standard way to
>>> template strings in JS, the templating as it is plays very poorly with
>>> runtime generated strings, using eval for that looks the dirtiest thing on
>>> earth.
>>>
>>> Regards
>>>
>>>
>>>
>>> On Sun, Mar 22, 2015 at 10:05 AM, KOLANICH <kola...@mail.ru> wrote:
>>>
>>>> I needed a functionality but haven't found it.
>>>> See
>>>> https://stackoverflow.com/questions/29182244/convert-a-string-to-a-template-string
>>>> for more details.
>>>> I think that this should be included into standard;
>>>>
>>>>
>>>> Also we need a standard format string functionality like
>>>> https://msdn.microsoft.com/en-us/library/system.string.format.aspx and
>>>> https://docs.python.org/2/library/string.html#string-formatting
>>>>
>>>> _______________________________________________
>>>> es-discuss mailing list
>>>> es-discuss@mozilla.org
>>>> https://mail.mozilla.org/listinfo/es-discuss
>>>>
>>>>
>>>
>>
>>
>> --
>>     Cheers,
>>     --MarkM
>>
>
>


-- 
Text by me above is hereby placed in the public domain

  Cheers,
  --MarkM
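
Added example, not part of the original thread and not the gist's code: one way to follow the suggestion of avoiding `Function` completely, so that whatever a permissive `[\S\s]*?` capture admits is only ever looked up as a property path and never parsed as code. The names `renderTemplate`, `resolvePath`, `tryRender` and the strict path pattern are assumptions made for this example, and all sample inputs are constructed.

```javascript
// Function-free template rendering (added example; names are hypothetical).
// Assumed placeholder syntax: ${path}, where path is a dotted property path.
const PLACEHOLDER = /\$\{([\S\s]*?)\}/g; // permissive capture, like the pattern in the thread
const SAFE_PATH = /^[A-Za-z_$][\w$]*(?:\.[A-Za-z_$][\w$]*)*$/; // strict allow-list

// Walk a dotted path through own properties only, so names such as
// "constructor" or "__proto__" cannot reach the prototype chain.
function resolvePath(data, path) {
  let value = data;
  for (const key of path.split('.')) {
    if (value === null || typeof value !== 'object' ||
        !Object.prototype.hasOwnProperty.call(value, key)) {
      throw new ReferenceError('unknown template property: ' + path);
    }
    value = value[key];
  }
  return value;
}

// Replace each placeholder with a looked-up value. The captured body is
// validated against SAFE_PATH and is never concatenated into source code.
function renderTemplate(str, data) {
  return str.replace(PLACEHOLDER, (match, body) => {
    const path = body.trim();
    if (!SAFE_PATH.test(path)) {
      throw new SyntaxError('placeholder is not a property path: ' + JSON.stringify(body));
    }
    return String(resolvePath(data, path));
  });
}

// Helper for the demo: return the rendered string or the error name.
function tryRender(str, data) {
  try { return renderTemplate(str, data); } catch (e) { return e.name; }
}

// Constructed inputs: two benign templates, then bodies the permissive
// capture admits but the allow-list rejects.
console.log(tryRender('b:${b}', { b: 10 }));                                // b:10
console.log(tryRender('${down.the.road}', { down: { the: { road: 7 } } })); // 7
console.log(tryRender('test1 ${1 + 2}', {}));                               // SyntaxError
console.log(tryRender('${ {x:1 }', {}));                                    // SyntaxError
console.log(tryRender('${a.constructor}', { a: {} }));                      // ReferenceError
```

The trade-off is that expressions such as `${1 + 2}` are rejected rather than evaluated; only named and nested properties are supported.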