> One ask - make string interpolation great again?
I have a dream, that ExpressibleByStringInterpolation would allow to
distinguish literal segments and embedded inputs.
Today, the documentation of this protocol [1] says:
"One cookie: $\(price), \(number) cookies: $\(price * number)."
// <=>
let message = String(stringInterpolation:
String(stringInterpolationSegment: "One cookie: $"),
String(stringInterpolationSegment: price),
String(stringInterpolationSegment: ", "),
String(stringInterpolationSegment: number),
String(stringInterpolationSegment: " cookies: $"),
String(stringInterpolationSegment: price * number),
String(stringInterpolationSegment: "."))
This means that ExpressibleByStringInterpolation can't distinguish "foo" from
`bar` in "foo\(bar)".
If this distinction were possible, some nice features could emerge, such as
context-sensitive escaping:
// func render(_ html: HTML)
let title = "<script>boom();</script>"
render("<h1>\(title)</h1>") // escapes input
// func query(_ sql: SQL)
let name = "Robert'); DROP TABLE students; --"
query("SELECT * FROM students WHERE name = \(name)") // avoids SQL
injection
Ideally, a solution for multi-line literals (for strings and interpolated
strings) would be found, too.
I wish the manifesto would address these topics as well :-)
Regards,
Gwendal Roué
[1] https://developer.apple.com/reference/swift/expressiblebystringinterpolation
_______________________________________________
swift-evolution mailing list
[email protected]
https://lists.swift.org/mailman/listinfo/swift-evolution
