
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=windows-1256">

<meta name="Generator" content="Microsoft Exchange Server">

<!-- converted from text --><style><!-- .EmailQuote { margin-left: 1pt; padding-left: 4pt; border-left: #800000 2px solid; } --></style>

</head>

<body>

<div>

<div>

<div style="font-family:Calibri,sans-serif; font-size:11pt">> Could you provide an example what is wrong with<br>

"{a}{b}".format(**vars())?<br>

<br>

>>> ["{a}{b}".format(**vars()) for _ in range(1)]<br>

<br>

Comprehensions have their own scope. This needs to be a compile-time transform into a normal variable lookup.<br>

<br>

Cheers,<br>

Steve<br>

<br>

Top-posted from my Windows Phone</div>

</div>

<div dir="ltr">

<hr>

<span style="font-family:Calibri,sans-serif; font-size:11pt; font-weight:bold">From:

</span><span style="font-family:Calibri,sans-serif; font-size:11pt"><a href="mailto:4kir4.1i@gmail.com">Akira Li</a></span><br>

<span style="font-family:Calibri,sans-serif; font-size:11pt; font-weight:bold">Sent:

</span><span style="font-family:Calibri,sans-serif; font-size:11pt">ı8/ı7/ı2015 18:55</span><br>

<span style="font-family:Calibri,sans-serif; font-size:11pt; font-weight:bold">To:

</span><span style="font-family:Calibri,sans-serif; font-size:11pt"><a href="mailto:python-ideas@python.org">python-ideas@python.org</a></span><br>

<span style="font-family:Calibri,sans-serif; font-size:11pt; font-weight:bold">Subject:

</span><span style="font-family:Calibri,sans-serif; font-size:11pt">Re: [Python-ideas] Briefer string format</span><br>

<br>

</div>

</div>

<font size="2"><span style="font-size:10pt;">

<div class="PlainText">Guido van Rossum <guido@python.org> writes:<br>

<br>

> On Thu, Aug 6, 2015 at 10:35 PM, Wes Turner<br>

> <wes.turner@gmail.com> wrote:<br>

><br>

>><br>

>> On Aug 6, 2015 3:03 PM, "Guido van Rossum" <guido@python.org> wrote:<br>

>> ><br>

>> > Unfortunately, all spellings that require calling locals() are wrong.<br>

>><br>

>> Is this where the potential source of surprising error is?<br>

>><br>

>> * Explicit / Implicit locals()<br>

>><br>

> This is a big deal because of the worry about code injection. A "classic"<br>

> format string given access to locals() (e.g. using s.format(**locals()))<br>

> always stirs worries about code injection if the string is a variable. The<br>

> proposed forms of string interpolation don't give access to locals *other<br>

> than the locals where the string "literal" itself exists*. This latter<br>

> access is no different from the access to locals in any expression. (The<br>

> same for globals(), of course.)<br>

><br>

> The other issue with explicit locals() is that to the people who would most<br>

> benefit from variable interpolation (typically relatively unsophisticated<br>

> users), it is magical boilerplate. (Worse, it's boilerplate that their more<br>

> experienced mentors will warn them against because of the code injection<br>

> worry.)<br>

<br>

Googling e.g., "python locals code injection" yields nothing specific:<br>

<br>

<a href="https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fstackoverflow.com%2fquestions%2f2515450%2finjecting-variables-into-the-callers-scope&data=01%7c01%7csteve.dower%40microsoft.com%7ceb455eb18c7b4fe4c47b08d29f947ec5%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=WJJTSsqvRuTy9ZCKgDPNfqp8rC2032i%2fudmnZ%2bG%2bMZg%3d">https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fstackoverflow.com%2fquestions%2f2515450%2finjecting-variables-into-the-callers-scope&data=01%7c01%7csteve.dower%40microsoft.com%7ceb455eb18c7b4fe4c47b08d29f947ec5%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=WJJTSsqvRuTy9ZCKgDPNfqp8rC2032i%2fudmnZ%2bG%2bMZg%3d</a><br>

<a href="https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fstackoverflow.com%2fquestions%2f13312240%2fis-a-string-formatter-that-pulls-variables-from-its-calling-scope-bad-practice&data=01%7c01%7csteve.dower%40microsoft.com%7ceb455eb18c7b4fe4c47b08d29f947ec5%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=RZKdUQiJRzlp%2bikOPERDJzX8facaBRWuf1brLXy0D6M%3d">https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fstackoverflow.com%2fquestions%2f13312240%2fis-a-string-formatter-that-pulls-variables-from-its-calling-scope-bad-practice&data=01%7c01%7csteve.dower%40microsoft.com%7ceb455eb18c7b4fe4c47b08d29f947ec5%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=RZKdUQiJRzlp%2bikOPERDJzX8facaBRWuf1brLXy0D6M%3d</a><br>

<br>

Could you provide an example what is wrong with<br>

"{a}{b}".format(**vars())?<br>

<br>

Is it correct to say that there is nothing wrong with it as long as the<br>

string is always a *literal*?<br>

<br>

_______________________________________________<br>

Python-ideas mailing list<br>

Python-ideas@python.org<br>

<a href="https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fmail.python.org%2fmailman%2flistinfo%2fpython-ideas&data=01%7c01%7csteve.dower%40microsoft.com%7ceb455eb18c7b4fe4c47b08d29f947ec5%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=Rwn2JLTjmWxnzx%2bp0zixk8gQprBYF3mcp8a%2fUhio1mY%3d">https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fmail.python.org%2fmailman%2flistinfo%2fpython-ideas&data=01%7c01%7csteve.dower%40microsoft.com%7ceb455eb18c7b4fe4c47b08d29f947ec5%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=Rwn2JLTjmWxnzx%2bp0zixk8gQprBYF3mcp8a%2fUhio1mY%3d</a><br>

Code of Conduct: <a href="https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fpython.org%2fpsf%2fcodeofconduct%2f&data=01%7c01%7csteve.dower%40microsoft.com%7ceb455eb18c7b4fe4c47b08d29f947ec5%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=DmWW4wAFmzYnI%2beEZSJcMVMgxGAojWSxyxP%2bVsusPfY%3d">

https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fpython.org%2fpsf%2fcodeofconduct%2f&data=01%7c01%7csteve.dower%40microsoft.com%7ceb455eb18c7b4fe4c47b08d29f947ec5%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=DmWW4wAFmzYnI%2beEZSJcMVMgxGAojWSxyxP%2bVsusPfY%3d</a><br>

</div>

</span></font>

</body>

</html>