[Python-Dev] Re: PEP 292, Simpler String Substitutions

[Paul Prescod]

Neil Hodgson wrote:
> 
>...
> 
>    Not making bindings explicit may mean that translators use other
> variables available at the translation point leading to unexpected failures
> when internal details are changed.

Actually, I don't think that is the case. I think that the security
implications of "_" are overstated.

name = "Paul"
country = "Canada"
password = "jfoiejw"
_('${name} was born in ${country}')

The "_" function can use a regular expression to determine that the
original code used only "${name}" and "${country}". Then it can disallow
access to ${password}

def _(origstring):
	orig_substitions = get_substitutions(origstring)
        translation = lookup_translation(origstring)
	translation_substitions = get_substitutions(translation_substitions)
	assert translation.substitutions == orig_substitutions

 Paul Prescod