21 Mar
2022
1:42 p.m.
On 2022-03-21, Gregory P. Smith wrote:
TL;DR - PEP 675 allows type checkers to help prevent bugs allowing attacker-controlled data to be passed to APIs that declare themselves as requiring literal, in-code strings.
Great idea. I did something like this for HTML templating in the Quixote web framework (to avoid XSS bugs). I did it as a special kind of module with a slightly different compiler (using AST transform). With the LiteralString feature, I can implement the same kind of thing directly in Python.
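
The idea discussed in this thread, as an added example that is not part of the original message and is not Quixote's code: an HTML helper whose template parameter is annotated `LiteralString`, so a PEP 675-aware type checker rejects templates built from request data. The names `Markup`, `render`, `comment_html` and `comment_html_unsafe` are hypothetical, and the sample inputs are constructed.

```python
from __future__ import annotations

import html
from typing import TYPE_CHECKING

if TYPE_CHECKING:
    # typing.LiteralString (PEP 675) needs Python 3.11+; only the type
    # checker reads this import, so the module runs on older versions too.
    from typing import LiteralString


class Markup(str):
    """Hypothetical marker type: a string that is already safe HTML."""


def _quote(value: object) -> str:
    # Markup passes through unchanged; everything else is HTML-escaped.
    if isinstance(value, Markup):
        return str(value)
    return html.escape(str(value), quote=True)


def render(template: LiteralString, **fields: object) -> Markup:
    """Fill a template written in source code with escaped field values.

    The annotation is checked statically, not at runtime: a type checker
    rejects any call whose template is not composed of literals.
    """
    safe = {name: _quote(value) for name, value in fields.items()}
    return Markup(template.format(**safe))


def comment_html(author: str, body: str) -> Markup:
    # Accepted: the template is a literal, untrusted text arrives as fields.
    return render("<p><b>{author}</b>: {body}</p>", author=author, body=body)


def comment_html_unsafe(author: str, body: str) -> Markup:
    # Rejected by the type checker: an f-string that interpolates `str`
    # values has type `str`, not `LiteralString`. At runtime it still runs
    # and emits the input unescaped, which is the bug the annotation catches.
    return render(f"<p><b>{author}</b>: {body}</p>")
```

Running a type checker that implements PEP 675 over this module reports the call in `comment_html_unsafe` and accepts the one in `comment_html`.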