Template Literals for Python (easy and save creation of HTML)
Some weeks ago I started the idea of Template Literals for Python:
https://github.com/guettli/peps/blob/master/pep-9999.rst
I just switched to a new company (descript.de) and diving into their context will need some time.
This means I won't work on the Template Literals PEP.
If you like the idea, then it would be great if you work on it.
Regards, Thomas
I am not convinced of tying `backticks` for a single markup language. Different markup languages presumably have different escape methods? Is Python supposed to be explicitly an HTML based language like many of the design choices of JavaScript?
It also seems like a lot to ask to introduce yet another way of quoting strings which doesn't fit with the existing pattern of string quoting. Python already has single quotes, double quotes, triple single quotes, triple double quotes, and all of these can have an r or f placed in front of them to modify their behavior.
I see you have a section on not using the "i" prefix, but I don't understand the sentence "This is an handy feature, which would not work reliably if there are two different prefixes". What is it trying to say? What would not work reliably and why?
I would like to see this PEP have a section on handling security, this PEP implies the Python standard library will safely escape HTML for you which presumably has security implications? And a section on how it will be updated when/if the HTML specification gets updated that may introduce new ways HTML can/must be escaped. And a section on what are the valid versions of HTML it supports? HTML5 only or does it explicitly support older versions of HTML?
Damian (he/him)
On Fri, Sep 3, 2021 at 9:47 AM Thomas Güttler info@thomas-guettler.de wrote:
Some weeks ago I started the idea of Template Literals for Python:
https://github.com/guettli/peps/blob/master/pep-9999.rst
I just switched to a new company (descript.de) and diving into their context will need some time.
This means I won't work on the Template Literals PEP.
If you like the idea, then it would be great if you work on it.
Regards, Thomas _______________________________________________ Python-ideas mailing list -- python-ideas@python.org To unsubscribe send an email to python-ideas-leave@python.org https://mail.python.org/mailman3/lists/python-ideas.python.org/ Message archived at https://mail.python.org/archives/list/python-ideas@python.org/message/BZWBK2... Code of Conduct: http://python.org/psf/codeofconduct/
Am Fr., 3. Sept. 2021 um 16:53 Uhr schrieb Damian Shaw < damian.peter.shaw@gmail.com>:
I am not convinced of tying `backticks` for a single markup language. Different markup languages presumably have different escape methods? Is Python supposed to be explicitly an HTML based language like many of the design choices of JavaScript?
My proposal does not suppose that Python will get explicitly an HTML based language. I am sorry if you understood this.
Template Literals can be used for any sort of use case. My use case is HTML. The PEP uses HTML as an example. But the implementation would not be about HTML at all. Any kind of escaping could be done. This is up to the user of the Template Literals.
It also seems like a lot to ask to introduce yet another way of quoting strings which doesn't fit with the existing pattern of string quoting. Python already has single quotes, double quotes, triple single quotes, triple double quotes, and all of these can have an r or f placed in front of them to modify their behavior.
I see you have a section on not using the "i" prefix, but I don't understand the sentence "This is an handy feature, which would not work reliably if there are two different prefixes". What is it trying to say? What would not work reliably and why?
Some lines above your quote I wrote:
"Some IDEs detect that you want use a f-string automtically".
At the moment there is only the "f" prefix. The automatic detection would not work anymore if there would be two prefixes. Please speak up again, if you need further explanation.
I would like to see this PEP have a section on handling security, this PEP implies the Python standard library will safely escape HTML for you which presumably has security implications? And a section on how it will be updated when/if the HTML specification gets updated that may introduce new ways HTML can/must be escaped. And a section on what are the valid versions of HTML it supports? HTML5 only or does it explicitly support older versions of HTML?
Thank you very much!
That's a good point. I updated the PEP:
{{{ Out of scope: Save escaping of HTML ===================================
Template Literals are about creating a data structure.
The user of Template Literals could use this data structure for any fancy kind of computation.
We estimate most users will use the data structure to create HTML.
Nevertheless, how the user processes the data strucure is up to the user.
Escaping HTML and related security implications are out of scope of this PEP.
}}}
What do you think about this section. Do you agree? If not, then please speak up and tell me what's wrong.
Thank you for your feedback!
Thomas
参加者 (2)
-
Damian Shaw -
Thomas Güttler