> On Apr 9, 2017, at 8:46 PM, Félix Cloutier <[email protected]> wrote:
> 
> For XML, I know that you have this XMLString idea, but I think that it would 
> be very complex to implement in practice. XML has several different contexts 
> in which escaping has to be different. For instance, you shouldn't escape the 
> same things in an attribute value as in a comment, or in an XML text node, or 
> in a CDATA node, and that means that you have to be aware of what you're 
> looking for at the point where interpolation happens. It's also possible to 
> come up with uncheckable/incorrect cases (like `<foo \(bar)>`), meaning that 
> it either has to accept anything in some cases or be failable (and besides, 
> "just remove :XMLString and it works!").


It is complex, and yet Rails has done this kind of thing pretty successfully 
(in a different, dynamic-language-y way) for about eight years: 
<https://github.com/rails/rails/blob/master/activesupport/lib/active_support/core_ext/string/output_safety.rb>

You just have to scale back your ambitions slightly. Your goal is not to 
somehow, through the type system, prevent the construction of an invalid 
string. Your goal is to ensure that interpolated content is, by default, 
escaped enough to prevent injection attacks. Developers can still make escaping 
mistakes, but those mistakes will err on the side of escaping too much instead 
of too little. You can't prevent failure entirely, but you can fail secure 
instead of failing insecure.

-- 
Brent Royal-Gordon
Architechies

_______________________________________________
swift-evolution mailing list
[email protected]
https://lists.swift.org/mailman/listinfo/swift-evolution
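
The escape-by-default idea from the reply above, as an added example that is not part of the original message and is not ActiveSupport's code. `SafeXML`, `render_comment` and `double_escaped` are hypothetical names, the inputs are constructed, and the escaping covers only text nodes and quoted attribute values, not the comment or CDATA contexts raised in the quoted message.

```ruby
# Added illustration. SafeXML and render_comment are hypothetical names,
# not ActiveSupport's SafeBuffer API.
class SafeXML
  ESCAPES = {
    '&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
    '"' => '&quot;', "'" => '&#39;'
  }.freeze

  # The only way to mark text as markup: an explicit developer assertion.
  def self.trusted(markup)
    new(markup)
  end

  # Escape anything that is not already a SafeXML value.
  def self.escape(value)
    return value.to_s if value.is_a?(SafeXML)
    value.to_s.gsub(/[&<>"']/, ESCAPES)
  end

  private_class_method :new

  def initialize(markup)
    @markup = markup.to_s.dup.freeze
  end

  def to_s
    @markup
  end

  # Concatenation is the interpolation point: plain values are escaped,
  # SafeXML values pass through unchanged.
  def +(other)
    SafeXML.trusted(@markup + SafeXML.escape(other))
  end
end

# Constructed sample: both arguments are untrusted plain Strings.
def render_comment(author, body)
  (SafeXML.trusted('<comment author="') + author +
   SafeXML.trusted('">') + body + SafeXML.trusted('</comment>')).to_s
end

# The "mistake" case: a value escaped by hand and then concatenated as a
# plain String is escaped again. The output is ugly but not injectable.
def double_escaped
  (SafeXML.trusted('<p>') + SafeXML.escape('a & b') + SafeXML.trusted('</p>')).to_s
end
```

Forgetting `SafeXML.trusted` on real markup produces visibly over-escaped output, while forgetting to escape untrusted input is not possible through `+`.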
