July 23, 2018
10:23 p.m.
On Tue, Jul 24, 2018 at 8:05 AM, Giampaolo Rodola' <g.rodola@gmail.com> wrote:
The argument about this is that '?.' short-circuits execution *silently*. Instead of AttributeError you get None. You may chain ?. in order to lazily traverse a long tree, inadvertently assign None to a variable, continue code execution and fail later rather than sooner:
email = request?.context?.user?.email # None ... sendmail(subject, body, email)
Some (Antoine) rightly argued this may even have security implications (replace 'email' with 'password').
This thread has been long and rambling. Can you elaborate on the security implications? Normally, I would expect that a password of None would always fail to validate. ChrisA