
On 21 July 2015 at 21:58, Eric V. Smith <eric@trueblade.com> wrote:
> [1] Which makes me think of the crazy idea of passing in unevaluated f-strings into another function to be evaluated in their context. But the code injection opportunities with doing this with arbitrary user-specified strings are just too scary to think about. At least with str.format() you're limited in what the expressions can do. Basically indexing and attribute access. No function calls: '{.exit()}'.format(sys) !

Yeah, this is why I think anything involving implicit interpolation needs to be transparent to the compiler: the security implications with anything other than literal format strings or some other explicitly compile time operation are far too "exciting" otherwise.

I wonder though, if we went with the f-strings idea, could we make them support a *subset* of the "str.format" call syntax, rather than a superset? What if they supported name and attribute lookup syntax, but not positional or subscript lookup?

They'd still be great for formatting output in scripts and debugging messages, but more complex formatting cases would still involve reaching for str.format, str.format_map or exec("print(f'{this} is an odd way to do a {format_map} call')", namespace).

Regards,
Nick.

--
Nick Coghlan | ncoghlan@gmail.com | Brisbane, Australia
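
The subset described in the message above (name and attribute lookup, no positional or subscript lookup) can be approximated for runtime templates with a string.Formatter subclass. This is an added example, not code from the thread or from CPython; NameAttrFormatter, format_outcome, builtin_call_attempt and the User sample object are hypothetical names constructed for illustration.

```python
import re
import string
import sys

# Accept only dotted identifiers: "name" or "name.attr.attr".
_FIELD = re.compile(r"[A-Za-z_]\w*(?:\.[A-Za-z_]\w*)*")


class NameAttrFormatter(string.Formatter):
    """Hypothetical formatter: name and attribute lookup only."""

    def get_field(self, field_name, args, kwargs):
        # Called for every replacement field, including fields nested in a
        # format spec, so one check covers positional, subscript and call-like names.
        if not _FIELD.fullmatch(field_name):
            raise ValueError(f"field not allowed: {field_name!r}")
        return super().get_field(field_name, args, kwargs)

    def format_outcome(self, template, **values):
        """Return the formatted text, or the name of the exception raised."""
        try:
            return self.vformat(template, (), values)
        except (ValueError, AttributeError, KeyError) as exc:
            return type(exc).__name__


def builtin_call_attempt():
    """The quoted str.format case: 'exit()' is looked up as an attribute name."""
    try:
        return "{.exit()}".format(sys)
    except AttributeError as exc:
        return type(exc).__name__


class User:  # constructed sample object
    def __init__(self, name):
        self.name = name


if __name__ == "__main__":
    fmt = NameAttrFormatter()
    user = User("alice")
    for template in ("{user.name} logged in", "{0}", "{}", "{user[name]}",
                     "{user.name.upper()}", "{user.name:>{width[0]}}"):
        print(repr(template), "->", fmt.format_outcome(template, user=user, width=8))
    print("str.format:", builtin_call_attempt())
```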