"M.-A. Lemburg" wrote:
...
It is. Currently Python strings are just that: immutable strings. Now, you suddenly add dynamics to then.
I don't want to go through this whole thread from the beginning again. PEP 215 does not add "dynamics" to anything. In fact, PEP 215 is a more static mechanism than the current idiom. Even if we make PEP 215's behaviour the default for strings, it is still NOT DYNAMIC.
... This will cause nightmares in terms of security.
There is a thread called "PEP 215 does not introduce security issues". Please read it. Everyone involved who initially thought that PEP 215 had security issues backed down and agreed that it did not. Once again, whether there is a string prefix or not is irrelevant to this question. PEP 215's semantics are *not dynamic*.
... Note that Python hasn't really had a need for Perl's "taint" because of this. I wouldn't want to see that change in any way.
I am certainly not a Perl programmer but Python is also attackable through the sorts of holes that "taint" is intended to avoid. username = raw_input() os.system("cp %s.new %s.old" % (username, username)) Perl considers this "dangerous" and so it has taint. It has *nothing* to do with interpolation syntax.
... Huh ? I bet RedHat and thousands of sysadmins who have switched from shell or Perl to Python would have strong objections.
Python has a construct called a "raw string" which is perfect for when you don't want backslashes treated specially. Paul Prescod