On Tue, Apr 25, 2023 at 6:16 PM Joao S. O. Bueno <gwid...@gmail.com> wrote:
>
> Worst case scenario, one goes from one non-running program to a running
> program producing partially incorrect output. Any legacy code that was not
> working in the first place, is obviously, clearly, not critical for anyone,
> otherwise it would have been fixed already.
>

Worst case scenario: use of this feature introduces bugs. For example, security holes. Generally, formatting and parsing are not idempotent and you should not reformat or reparse already processed strings. See http://google-gruyere.appspot.com/ to learn more about the pitfalls and in particular http://google-gruyere.appspot.com/part5#5__information_disclosure_bug_3

On Fri, Apr 28, 2023 at 8:49 AM MRAB <pyt...@mrabarnett.plus.com> wrote:
>
> What happens if you do '{open}...{close}'.partial_format(open='{close}')?
> You get '{close}...{close}', and you're going to have a problem using
> that as a format string and replacing only the second '{close}'.
>

To take this further, suppose you write

    'Hello {username} from {company}'.format(userdata).format(companydata)

where the user has set their name to "Dr. {secret} Evil" where {secret} is something in companydata that should not be exposed. The presence of this bug is going to be very hard to find.

This seems like an obvious case of a non-solution to a non-problem that's actually worse than no solution at all.

--- Bruce
_______________________________________________
Python-ideas mailing list -- python-ideas@python.org
To unsubscribe send an email to python-ideas-le...@python.org
https://mail.python.org/mailman3/lists/python-ideas.python.org/
Message archived at https://mail.python.org/archives/list/python-ideas@python.org/message/M3QBMY22VKGOTDXMBBA6ED54ETUVFNDH/
Code of Conduct: http://python.org/psf/codeofconduct/
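The two-pass formatting disclosure described in the message above, as an added example that is not part of the original post. `partial_format` here is a hypothetical stand-in for the proposed method, built on `str.format_map`, and the template and data are constructed samples.

```python
from string import Formatter


class _KeepMissing(dict):
    """Leave unknown fields in place, emulating the proposed partial_format()."""

    def __missing__(self, key):
        return "{" + key + "}"


def partial_format(template, **fields):
    # Hypothetical stand-in for the str.partial_format() discussed in the thread.
    return template.format_map(_KeepMissing(fields))


def two_pass(template, userdata, companydata):
    # The pattern from the message: pass one's output is re-parsed as a template,
    # so braces inside user-controlled values become live fields in pass two.
    return partial_format(template, **userdata).format(**companydata)


def single_pass(template, userdata, companydata):
    # One parse of the trusted template; substituted values are never re-parsed,
    # and only the fields the template needs are handed over.
    return template.format(username=userdata["username"],
                           company=companydata["company"])


def contains_fields(value):
    """True if a value would act as a template if it were formatted again."""
    try:
        return any(field is not None for _, field, _, _ in Formatter().parse(value))
    except ValueError:
        return True  # unbalanced braces are equally unsafe to re-parse


# Constructed sample data (not from the original message).
TEMPLATE = "Hello {username} from {company}"
USERDATA = {"username": "Dr. {secret} Evil"}
COMPANYDATA = {"company": "Acme", "secret": "internal-api-key"}

if __name__ == "__main__":
    print("two passes :", two_pass(TEMPLATE, USERDATA, COMPANYDATA))
    print("single pass:", single_pass(TEMPLATE, USERDATA, COMPANYDATA))
    print("flag input :", contains_fields(USERDATA["username"]))
```

`contains_fields` can serve as a review or logging check on values that are about to be fed into a second formatting pass; the structural fix is the single pass.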