On Wed, 6 Dec 2006, Jan Grant wrote:

[regarding string interpolation]

> I think it's a terrible idea in almost every form. [...]
>
> The reason _why_ I think it's such a bad idea is the above statement
> just doesn't gel with practical experience. Google will find plenty of
> reading material if you search for "php sql injection" or "php
> cross-site scripting". That is to say:
>
> In many places where string interpolation is used, what you want is NOT
> a simple interpolation.
If I understand you correctly, your argument is:

    Many people use simple string interpolation when they should be
    using an application-specific quoting mechanism.

    Therefore string interpolation should be inconvenient.

I don't agree that the second statement follows from the first. You are trying to make a "path of least resistance" argument, but the more logical argument would be:

    Many people use simple string interpolation when they should be
    using an application-specific quoting mechanism.

    Therefore application-specific quoting mechanisms should be more
    convenient to create and use.

I see this, therefore, as a design constraint upon the design of a good string interpolation mechanism.

In Perl and PHP, the standard interpolation mechanism supports *only* simple string interpolation. Using a more appropriate quoting mechanism is significantly more inconvenient to the script programmer; hence it is not so often used.

But here, in Python, we have an opportunity that these other languages do not -- the opportunity to design a new string interpolation mechanism that is more convenient than what we have now. If this mechanism makes application-specific quoting just as, or nearly as, easy as simple interpolation -- that is, lowering the usage barrier to the safe path -- then security considerations would actually point in *favour* of the new mechanism.

Where does this design constraint take us?

One possibility it suggests is that the interpolation function could be generic, allowing the formatting template to be of a custom type that supports application-specific quoting. If we go this route, that would argue in favour of solutions like a method on the template object or an infix operator, and would reject solutions like a built-in interpolated string type.

Another possibility is that the interpolation function, if a built-in, could be overridable.
-- ?!ng

_______________________________________________
Python-3000 mailing list
Python-3000@python.org
http://mail.python.org/mailman/listinfo/python-3000
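As an added example (not code from this thread, nor from Python itself), one way the "custom template type" idea above could look: the template object, not the caller, decides how substituted values are quoted, so an HTML template escapes and a SQL template emits a parameterised query instead of quoted text, while the caller still writes the same `template % values` it would for plain interpolation. The class and function names (SafeTemplate, SQLTemplate, _Bind, lookup_user) and the sample table are invented for this illustration.

```python
import html
import sqlite3
import string

def plain_interpolation(text, values):
    """Simple interpolation: substituted values land in the text verbatim."""
    return string.Template(text).substitute(values)

class SafeTemplate:
    """Template that passes every value through a context-specific quoting
    function (e.g. html.escape) before it reaches the text, so the caller
    writes the same `template % values` as for plain interpolation."""
    def __init__(self, text, quote):
        self._tmpl, self._quote = string.Template(text), quote

    def __mod__(self, values):
        return self._tmpl.substitute({k: self._quote(str(v)) for k, v in values.items()})

class _Bind:
    """Mapping that answers every $name with a '?' placeholder and records
    the real value, left to right, for the database driver to bind."""
    def __init__(self, values):
        self._values, self.params = values, []

    def __getitem__(self, key):
        self.params.append(self._values[key])
        return "?"

class SQLTemplate:
    """SQL variant: builds no quoted SQL text at all; `template % values`
    yields (query with placeholders, parameter tuple) for a DB-API driver."""
    def __init__(self, text):
        self._tmpl = string.Template(text)

    def __mod__(self, values):
        binder = _Bind(values)
        return self._tmpl.substitute(binder), tuple(binder.params)

def lookup_user(name):
    """Run an SQLTemplate query against a constructed in-memory SQLite table
    (hypothetical sample data) and return the matching rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, age INTEGER)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", [("O'Brien", 41), ("Yee", 30)])
    query, params = SQLTemplate("SELECT name, age FROM users WHERE name = $name") % {"name": name}
    return conn.execute(query, params).fetchall()
```

With a name such as O'Brien, plain_interpolation yields SQL text whose quoting is already broken, whereas SQLTemplate never puts the value into the text at all.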