<p dir="ltr"><br>
On Aug 11, 2015 10:19 AM, "Wes Turner" <<a href="mailto:wes.turner@gmail.com">wes.turner@gmail.com</a>> wrote:<br>
><br>
><br>
> On Aug 11, 2015 10:10 AM, "Alexander Walters" <<a href="mailto:tritium-list@sdamon.com">tritium-list@sdamon.com</a>> wrote:<br>
> ><br>
> > This may seam like a simplistic solution to i18n, but why not just add a method to string objects (assuming we implement f-strings) that just returns the original, unprocessed string. If the string was not an f-string, it just returns self. The gettext module can be modified, I think trivially, to use the method instead of the string directly.<br>
> ><br>
> > Is this a horrible idea?</p>
<p dir="ltr">- [ ] review all string interpolation (for "injection")<br>
* [ ] review every '%'<br>
* [ ] review every ".format()"<br>
* [ ] review every f-string (AND LOCALS AND GLOBALS)<br>
* every os.system, os.exec*, subprocess.Popen<br>
* every unclosed tag<br>
* every unescaped control character</p>
<p dir="ltr">This would create work we don't need.</p>
<p dir="ltr">Solution: __str_shell_ escapes, adds slashes, and quotes. __str__SQL__ refs a global list of reserved words.</p>
<p dir="ltr">><br>
> This is a backward compatible macro to elide code in strings that should not be.<br>
><br>
> * IIUC, this would only be usable in 3.6+ (so, not at all and style guide says NO)<br>
> * there should be a normal functional() way to accomplish this in a backwards compatible way<br>
> * formatlng() / lookup() would be more future compatible<br>
><br>
> ><br>
> > - Alex W.<br>
> ><br>
> > _______________________________________________<br>
> > Python-Dev mailing list<br>
> > <a href="mailto:Python-Dev@python.org">Python-Dev@python.org</a><br>
> > <a href="https://mail.python.org/mailman/listinfo/python-dev">https://mail.python.org/mailman/listinfo/python-dev</a><br>
> > Unsubscribe: <a href="https://mail.python.org/mailman/options/python-dev/wes.turner%40gmail.com">https://mail.python.org/mailman/options/python-dev/wes.turner%40gmail.com</a><br>
</p>