On 31 May 2013 07:15, "Eric Snow"
On Thu, May 30, 2013 at 2:22 PM, Haoyi Li
wrote: The idea was to handle the prefix at either import or compile time (i'm
not
actually sure of the distinction, although i'm sure there is one), so it would be fully inlined by the time the code starts executed (over and over).
Then that is basically the same idea as the one I thought I was extrapolating last night. And I already said there why I think it's unnecessary.
Folks, there are several prior discussions on this list regarding AST based metaprogramming. There *are* valid use cases for letting third party libraries hook into the compilation system to transform a raw text string into a different kind of object, with the three biggest examples being nice subprocess invocations, inline SQL and implicit string interpolation that only permit literals, thus avoiding most naive string injection vulnerabilities. Security is the main gain here, since many security vulnerabilities arise from developers passing untrusted input to unsafe functions. By providing a syntax that accepts only raw string literals, we could open up a new avenue for more secure API design, as literals are just as trusted as any other piece of source code. This is *not* an easy problem to solve, but framing an initial exploration as finding a way to replace the existing string prefix processing is a good way to ground a proposed solution in practical reality. Cheers, Nick.
-eric _______________________________________________ Python-ideas mailing list Python-ideas@python.org http://mail.python.org/mailman/listinfo/python-ideas