<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#330033" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">On 10/9/2018 7:46 PM, Chris Jerdonek
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAOTb1weprvDBMTiHs4_HdBw2vK+hnrSaxj+mj8RFk5Fxmta24Q@mail.gmail.com">
<pre wrap="">On Tue, Oct 9, 2018 at 7:13 PM Benjamin Peterson <a class="moz-txt-link-rfc2396E" href="mailto:benjamin@python.org"><benjamin@python.org></a> wrote:
</pre>
<blockquote type="cite">
<pre wrap="">On Tue, Oct 9, 2018, at 17:14, Barry Warsaw wrote:
</pre>
<blockquote type="cite">
<pre wrap="">On Oct 9, 2018, at 16:21, Steven D'Aprano <a class="moz-txt-link-rfc2396E" href="mailto:steve@pearwood.info"><steve@pearwood.info></a> wrote:
</pre>
<blockquote type="cite">
<pre wrap="">
On Tue, Oct 09, 2018 at 10:26:50AM -0700, Guido van Rossum wrote:
</pre>
<blockquote type="cite">
<pre wrap="">My feeling is that limiting it to strings is fine, but checking those
strings for resembling identifiers is pointless and wasteful.
</pre>
</blockquote>
<pre wrap="">
Sure. The question is, do we have to support uses where people
intentionally smuggle non-identifier strings as keys via **kwargs?
</pre>
</blockquote>
<pre wrap="">
I would not be in favor of that. I think it doesn’t make sense to be
able to smuggle those in via **kwargs when it’s not supported by
Python’s grammar/syntax.
</pre>
</blockquote>
<pre wrap="">
Can anyone think of a situation where it would be advantageous for an implementation to reject non-identifier string kwargs? I can't.
</pre>
</blockquote>
<pre wrap="">
One possibility is that it could foreclose certain security bugs from
happening. For example, if someone has an API that accepts **kwargs,
they might have the mistaken assumption that the keys are identifiers
without special characters like ";" etc, and so they could make the
mistake of thinking they don't need to escape / sanitize them.
--Chris
</pre>
</blockquote>
With that line of reasoning, one should make sure the data are
identifiers too :)<br>
</body>
</html>