
Could you provide an example of what is wrong with "{a}{b}".format(**vars())?
["{a}{b}".format(**vars()) for _ in range(1)]
Comprehensions have their own scope. This needs to be a compile-time transform into a normal variable lookup.

Cheers,
Steve

Top-posted from my Windows Phone
________________________________
From: Akira Li <4kir4.1i@gmail.com>
Sent: 8/7/2015 18:55
To: python-ideas@python.org
Subject: Re: [Python-ideas] Briefer string format

Guido van Rossum <guido@python.org> writes:
On Thu, Aug 6, 2015 at 10:35 PM, Wes Turner <wes.turner@gmail.com> wrote:
On Aug 6, 2015 3:03 PM, "Guido van Rossum" <guido@python.org> wrote:
Unfortunately, all spellings that require calling locals() are wrong.
Is this where the potential source of surprising error is?
* Explicit / Implicit locals()
This is a big deal because of the worry about code injection. A "classic" format string given access to locals() (e.g. using s.format(**locals())) always stirs worries about code injection if the string is a variable. The proposed forms of string interpolation don't give access to locals *other than the locals where the string "literal" itself exists*. This latter access is no different from the access to locals in any expression. (The same for globals(), of course.)
The other issue with explicit locals() is that to the people who would most benefit from variable interpolation (typically relatively unsophisticated users), it is magical boilerplate. (Worse, it's boilerplate that their more experienced mentors will warn them against because of the code injection worry.)
Googling e.g., "python locals code injection" yields nothing specific:

http://stackoverflow.com/questions/2515450/injecting-variables-into-the-callers-scope
http://stackoverflow.com/questions/13312240/is-a-string-formatter-that-pulls-variables-from-its-calling-scope-bad-practice

Could you provide an example of what is wrong with "{a}{b}".format(**vars())? Is it correct to say that there is nothing wrong with it as long as the string is always a *literal*?
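
The code-injection worry discussed in this thread, as an added example that is not part of the original messages: a format string held in a variable and given **locals() can name any local, while a literal names only what its author wrote. The function names, the constructed api_key value and the allowlist check built on string.Formatter().parse are assumptions of this example.

```python
import string

ALLOWED_FIELDS = {"user"}  # assumption: the only name a template may reference


def render_unsafe(template, user):
    """Weak pattern: a template held in a variable is given every local name."""
    api_key = "constructed-secret-123"  # constructed sample value
    return template.format(**locals())


def render_literal(user):
    """Same call on a literal: the fields are fixed where the code is written."""
    api_key = "constructed-secret-123"  # in scope, but the literal never names it
    return "Hello {user}".format(**locals())


def render_checked(template, user):
    """Hardened form for variable templates: allowlist fields, pass them explicitly."""
    for _literal, field, spec, _conv in string.Formatter().parse(template):
        if field is None:  # plain text segment, no replacement field
            continue
        # "user.__class__" or "user[0]" arrive as one field name and fail here
        if field not in ALLOWED_FIELDS:
            raise ValueError(f"field not allowed: {field!r}")
        # a nested field inside the format spec, e.g. "{user:{api_key}}"
        if spec and "{" in spec:
            raise ValueError("nested fields not allowed")
    return template.format(user=user)


if __name__ == "__main__":
    print(render_unsafe("Hello {user}", "alice"))
    print(render_unsafe("{api_key}", "alice"))  # discloses the local
    print(render_literal("alice"))
    try:
        render_checked("{api_key}", "alice")
    except ValueError as exc:
        print("rejected:", exc)
```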