<div dir="ltr">> <span style="font-family:arial,sans-serif;font-size:13px">Then that is basically the same idea as the one I thought I was</span><br style="font-family:arial,sans-serif;font-size:13px"><span style="font-family:arial,sans-serif;font-size:13px">extrapolating last night. And I already said there why I think it's</span><br style="font-family:arial,sans-serif;font-size:13px">
<span style="font-family:arial,sans-serif;font-size:13px">unnecessary.</span><div><span style="font-family:arial,sans-serif;font-size:13px"><br></span></div><div style><span style="font-family:arial,sans-serif;font-size:13px">We've both answered each others points, and neither of us is convinced. Let's just say we disagree and leave it at that =); we don't *need* to convince each other right here right now.</span></div>
<div style><span style="font-family:arial,sans-serif;font-size:13px"><br></span></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Thu, May 30, 2013 at 6:25 PM, Nick Coghlan <span dir="ltr"><<a href="mailto:ncoghlan@gmail.com" target="_blank">ncoghlan@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="HOEnZb"><div class="h5"><p dir="ltr"><br>
On 31 May 2013 07:15, "Eric Snow" <<a href="mailto:ericsnowcurrently@gmail.com" target="_blank">ericsnowcurrently@gmail.com</a>> wrote:<br>
><br>
> On Thu, May 30, 2013 at 2:22 PM, Haoyi Li <<a href="mailto:haoyi.sg@gmail.com" target="_blank">haoyi.sg@gmail.com</a>> wrote:<br>
> > The idea was to handle the prefix at either import or compile time (i'm not<br>
> > actually sure of the distinction, although i'm sure there is one), so it<br>
> > would be fully inlined by the time the code starts executed (over and over).<br>
><br>
> Then that is basically the same idea as the one I thought I was<br>
> extrapolating last night. And I already said there why I think it's<br>
> unnecessary.</p>
</div></div><p dir="ltr">Folks, there are several prior discussions on this list regarding AST based metaprogramming. There *are* valid use cases for letting third party libraries hook into the compilation system to transform a raw text string into a different kind of object, with the three biggest examples being nice subprocess invocations, inline SQL and implicit string interpolation that only permit literals, thus avoiding most naive string injection vulnerabilities.</p>
<p dir="ltr">Security is the main gain here, since many security vulnerabilities arise from developers passing untrusted input to unsafe functions. By providing a syntax that accepts only raw string literals, we could open up a new avenue for more secure API design, as literals are just as trusted as any other piece of source code.</p>
<p dir="ltr">This is *not* an easy problem to solve, but framing an initial exploration as finding a way to replace the existing string prefix processing is a good way to ground a proposed solution in practical reality.</p>
<p dir="ltr">Cheers,<br>
Nick.</p>
<p dir="ltr">><br>
> -eric</p><div class="im"><br>
> _______________________________________________<br>
> Python-ideas mailing list<br>
> <a href="mailto:Python-ideas@python.org" target="_blank">Python-ideas@python.org</a><br>
> <a href="http://mail.python.org/mailman/listinfo/python-ideas" target="_blank">http://mail.python.org/mailman/listinfo/python-ideas</a><br>
</div><p></p>
</blockquote></div><br></div>