<p dir="ltr"><br>
On 31 May 2013 07:15, "Eric Snow" <<a href="mailto:ericsnowcurrently@gmail.com">ericsnowcurrently@gmail.com</a>> wrote:<br>
><br>
> On Thu, May 30, 2013 at 2:22 PM, Haoyi Li <<a href="mailto:haoyi.sg@gmail.com">haoyi.sg@gmail.com</a>> wrote:<br>
> > The idea was to handle the prefix at either import or compile time (i'm not<br>
> > actually sure of the distinction, although i'm sure there is one), so it<br>
> > would be fully inlined by the time the code starts executed (over and over).<br>
><br>
> Then that is basically the same idea as the one I thought I was<br>
> extrapolating last night. And I already said there why I think it's<br>
> unnecessary.</p>
<p dir="ltr">Folks, there are several prior discussions on this list regarding AST based metaprogramming. There *are* valid use cases for letting third party libraries hook into the compilation system to transform a raw text string into a different kind of object, with the three biggest examples being nice subprocess invocations, inline SQL and implicit string interpolation that only permit literals, thus avoiding most naive string injection vulnerabilities.</p>
<p dir="ltr">Security is the main gain here, since many security vulnerabilities arise from developers passing untrusted input to unsafe functions. By providing a syntax that accepts only raw string literals, we could open up a new avenue for more secure API design, as literals are just as trusted as any other piece of source code.</p>
<p dir="ltr">This is *not* an easy problem to solve, but framing an initial exploration as finding a way to replace the existing string prefix processing is a good way to ground a proposed solution in practical reality.</p>
<p dir="ltr">Cheers,<br>
Nick.</p>
<p dir="ltr">><br>
> -eric<br>
> _______________________________________________<br>
> Python-ideas mailing list<br>
> <a href="mailto:Python-ideas@python.org">Python-ideas@python.org</a><br>
> <a href="http://mail.python.org/mailman/listinfo/python-ideas">http://mail.python.org/mailman/listinfo/python-ideas</a><br>
</p>