On Aug 11, 2015 10:19 AM, "Wes Turner" <wes.turner@gmail.com> wrote:
>
>
> On Aug 11, 2015 10:10 AM, "Alexander Walters" <tritium-list@sdamon.com> wrote:
> >
> > This may seem like a simplistic solution to i18n, but why not just add a method to string objects (assuming we implement f-strings) that just returns the original, unprocessed string.  If the string was not an f-string, it just returns self.  The gettext module can be modified, I think trivially, to use the method instead of the string directly.
> >
> > Is this a horrible idea?

- [ ] review all string interpolation (for "injection")
  * [ ] review every '%'
  * [ ] review every ".format()"
  * [ ] review every f-string (AND LOCALS AND GLOBALS)
  * every os.system, os.exec*, subprocess.Popen
  * every unclosed tag
  * every unescaped control character

This would create work we don't need.

Solution: __str_shell_ escapes, adds slashes, and quotes. __str__SQL__ refs a global list of reserved words.

>
> This is a backward compatible macro to elide code in strings that should not be.
>
> * IIUC, this would only be usable in 3.6+ (so, not at all and style guide says NO)
>   * there should be a normal functional() way to accomplish this in a backwards compatible way
>   * formatlng() / lookup() would be more future compatible
>
> >
> > - Alex W.
> >
> > _______________________________________________
> > Python-Dev mailing list
> > Python-Dev@python.org
> > https://mail.python.org/mailman/listinfo/python-dev
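
An added example, not part of the original thread or of any Python proposal: a small `ast` pass that automates part of the review checklist in the reply above, flagging `%`, `.format()` and f-string interpolation that reaches `os.system`, `os.exec*` or `subprocess.Popen`. The names `review`, `interpolation_kind`, `dotted_name` and the `SAMPLE` source are constructed for illustration.

```python
import ast

# Sinks named in the checklist; os.exec* is matched by prefix in review().
SINKS = {"os.system", "subprocess.Popen"}

def dotted_name(node):
    """Return 'os.system' for a Name/Attribute chain, or None for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None

def interpolation_kind(node):
    """Classify a node as one of the three interpolation styles, else None."""
    if isinstance(node, ast.JoinedStr):
        # Only f-strings with at least one replacement field interpolate anything.
        if any(isinstance(v, ast.FormattedValue) for v in node.values):
            return "f-string"
    elif isinstance(node, ast.BinOp) and isinstance(node.op, ast.Mod):
        if isinstance(node.left, ast.Constant) and isinstance(node.left.value, str):
            return "%"
    elif isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute):
        # Any .format() call is reported; a reviewer confirms the receiver is a str.
        if node.func.attr == "format":
            return ".format()"
    return None

def review(source):
    """Return sorted (line, sink, kind) for interpolated strings passed to a sink."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        name = dotted_name(node.func)
        if name is None or not (name in SINKS or name.startswith("os.exec")):
            continue
        for arg in list(node.args) + [kw.value for kw in node.keywords]:
            for sub in ast.walk(arg):
                kind = interpolation_kind(sub)
                if kind:
                    findings.append((node.lineno, name, kind))
    return sorted(findings)

# Constructed sample; it is only parsed, never executed.
SAMPLE = ('import os, subprocess\n' 'os.system("ls %s" % path)\n'
          'os.system("ls {}".format(path))\n' 'os.system(f"ls {path}")\n'
          'subprocess.Popen(["ls", path])\n' 'os.system("ls")\n')
```

The argument-list `Popen` call and the constant `os.system("ls")` are not reported, since neither builds a command string from interpolated values.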