[Python-Dev] PEP 215 redux: toward a simplified consensus?

Guido van Rossum guido@python.org
Mon, 25 Feb 2002 17:04:04 -0500


There are two entirely different potential uses for interpolation.
One is for the Python programmer; call this literal interpolation.
It's cute to be able to write

    a = 12
    b = 15
    c = a*b
    print $"A rectangle of $a x $b has an area of $c."

This is arguably better than

    print "A rectangle of", a, "x", b, "has an area of", c, "."

(and to get rid of the space between the value of c and the '.' a
totally different paradigm would have to be used).

A totally *different* use of interpolation is for templates, where
both the template (any data containing the appropriate $ syntax) and
the set of variables to be substituted (any mapping) should be under
full control of the program.  This is what mailmail needs.

Literal interpolation has no security issues, if done properly.  In
the latter use, the security issues can be taken care of by carefully
deciding what data is available in the set of variables to be
interpolated.  The interpolation syntax I've proposed is intentionally
very simple, so that this is relatively easy.  I recall seeing slides
at the conference of a templating system (maybe Twisted's?) that
allowed expressions like $foo.bar[key] which would be much harder to
secure.

I18n of templates is easy -- just look up the template string in the
translation database.

I18n of apps using literal interpolation is more of a can of worms,
and I have no clear solution.  I agree that a solution is needed --
otherwise literal interpolation would be *worse* than what we have now!

--Guido van Rossum (home page: http://www.python.org/~guido/)