> On Apr 7, 2017, at 2:15 PM, Félix Cloutier via swift-evolution
> <swift-evolution@swift.org> wrote:
>
> I don't necessarily think that the concept is a bad idea, but I think that
> the interaction of Swift features facilitates poor coding decisions. For
> example, the proposal interpolates an `author` variable straight into an XML
> document, and suggests doing the same to JSON strings. To me, this shows that
> an important use case of the feature is to format payloads in a way that is
> known to cause vulnerabilities.

I don't know if it will be reviewed for Swift 4, let alone be accepted, but I have a proposal in for a revised string interpolation protocol. One of the major use cases I considered was types which provided safe interpolation for things like markup languages and JSON. So, for instance, if you wrote this:

    let xml: XMLString = """
        <?xml version="1.0"?>
        <catalog>
            <book id="bk101" empty="">
                <author>\(author)</author>
                <title>XML Developer's Guide</title>
                <genre>Computer</genre>
                <price>44.95</price>
                <publish_date>2000-10-01</publish_date>
                <description>An in-depth look at creating applications with XML.</description>
            </book>
        </catalog>
        """

XMLString could escape `author` by default, unless it were itself an `XMLString` or you wrote the interpolation as `\(raw: author)`. And of course, this being Swift, `XMLString` would not necessarily have to be stated explicitly; it could come from being concatenated to an `XMLString`, passed in an `XMLString` parameter, or assigned to an `XMLString` property.

So I think this particular concern is orthogonal to the question of supporting multiline strings. Escaping safety is possible—it's just a separate feature.

--
Brent Royal-Gordon
Architechies
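
The escape-by-default behaviour described in the message above, as an added example that is not part of the original e-mail or the proposal text. It assumes the `ExpressibleByStringInterpolation` protocol available in Swift 5 and later; the `XMLString` type, its `escape` helper and the sample `author` value are hypothetical and constructed for illustration.

```swift
// Added example: `XMLString` here is hypothetical, not a standard-library type.
struct XMLString: ExpressibleByStringInterpolation, CustomStringConvertible {
    let description: String

    init(stringLiteral value: String) { description = value }
    init(stringInterpolation: StringInterpolation) { description = stringInterpolation.output }

    /// Escapes the five characters that are significant in XML text and attribute values.
    static func escape(_ text: String) -> String {
        var out = ""
        for ch in text {
            switch ch {
            case "&": out += "&amp;"
            case "<": out += "&lt;"
            case ">": out += "&gt;"
            case "\"": out += "&quot;"
            case "'": out += "&apos;"
            default: out.append(ch)
            }
        }
        return out
    }

    struct StringInterpolation: StringInterpolationProtocol {
        var output = ""
        init(literalCapacity: Int, interpolationCount: Int) {
            output.reserveCapacity(literalCapacity + interpolationCount * 8)
        }
        // Literal segments are written by the programmer and are trusted markup.
        mutating func appendLiteral(_ literal: String) { output += literal }
        // Default: any interpolated value is treated as data and escaped.
        mutating func appendInterpolation<T>(_ value: T) {
            output += XMLString.escape(String(describing: value))
        }
        // An XMLString is already markup, so it is inserted unchanged (no double escaping).
        mutating func appendInterpolation(_ value: XMLString) { output += value.description }
        // Explicit opt-out, mirroring `\(raw: author)` in the message.
        mutating func appendInterpolation(raw value: String) { output += value }
    }
}

// Constructed input containing markup-significant characters.
let author = "Gambardella & Sons </author><admin>true</admin>"
let escaped: XMLString = "<author>\(author)</author>"      // data is escaped
let nested: XMLString = "<book>\(escaped)</book>"          // markup passes through once
let unsafe: XMLString = "<author>\(raw: author)</author>"  // caller opted out of escaping
print(escaped, nested, unsafe, separator: "\n")
```

Only the `raw:` form lets the constructed `</author>` sequence close the element early; the other two lines keep it as text.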