[Python-Dev] PEP-498: Literal String Formatting
Wes Turner
wes.turner at gmail.com
Tue Aug 11 17:28:27 CEST 2015
On Aug 11, 2015 10:19 AM, "Wes Turner" <wes.turner at gmail.com> wrote:
>
>
> On Aug 11, 2015 10:10 AM, "Alexander Walters" <tritium-list at sdamon.com> wrote:
> >
> > This may seem like a simplistic solution to i18n, but why not just add a method to string objects (assuming we implement f-strings) that just returns the original, unprocessed string. If the string was not an f-string, it just returns self. The gettext module can be modified, I think trivially, to use the method instead of the string directly.
> >
> > Is this a horrible idea?
- [ ] review all string interpolation (for "injection")
* [ ] review every '%'
* [ ] review every ".format()"
* [ ] review every f-string (AND LOCALS AND GLOBALS)
* every os.system, os.exec*, subprocess.Popen
* every unclosed tag
* every unescaped control character
This would create work we don't need.
Solution: __str_shell_ escapes, adds slashes, and quotes. __str__SQL__ refs
a global list of reserved words.
>
> This is a backward compatible macro to elide code in strings that should not be.
>
> * IIUC, this would only be usable in 3.6+ (so, not at all and style guide says NO)
> * there should be a normal functional() way to accomplish this in a backwards compatible way
> * formatlng() / lookup() would be more future compatible
>
> >
> > - Alex W.
> >
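The review checklist in the message above, sketched as an added example (not code from the thread or from CPython): an `ast` pass that flags sink calls whose first argument is built with `%`, `.format()` or an f-string. The sink list, the function names and the sample source are assumptions constructed for illustration.

```python
import ast

# Assumed sink list: the calls named in the checklist, plus DB-API execute methods.
SINKS = {"os.system", "os.popen", "subprocess.Popen", "subprocess.call",
         "subprocess.run", "subprocess.check_output"}
SINK_METHODS = {"execute", "executemany"}

def dotted(node):
    """Return 'a.b.c' for a Name/Attribute chain, '' for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        return ".".join(reversed(parts + [node.id]))
    return ""

def interpolation_kind(node):
    """Classify how a string argument was built; None if it is not interpolated."""
    if isinstance(node, ast.JoinedStr) and any(
            isinstance(v, ast.FormattedValue) for v in node.values):
        return "f-string"
    if (isinstance(node, ast.BinOp) and isinstance(node.op, ast.Mod)
            and isinstance(node.left, ast.Constant)
            and isinstance(node.left.value, str)):
        return "%"
    if (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
            and node.func.attr == "format"):
        return ".format()"
    return None

def find_interpolated_sinks(source):
    """Return sorted (lineno, sink, kind) for sinks fed an interpolated string."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Call) and node.args):
            continue
        name = dotted(node.func)
        method = node.func.attr if isinstance(node.func, ast.Attribute) else ""
        if not (name in SINKS or name.startswith("os.exec")
                or method in SINK_METHODS):
            continue
        kind = interpolation_kind(node.args[0])
        if kind:
            findings.append((node.lineno, name or method, kind))
    return sorted(findings)

# Constructed sample source: three interpolated sinks and two safe calls.
SAMPLE = '''\
os.system(f"ls {path}")
os.system("ls /tmp")
subprocess.Popen("grep %s log" % pattern, shell=True)
cur.execute("SELECT * FROM t WHERE name = '{}'".format(name))
cur.execute("SELECT * FROM t WHERE name = ?", (name,))
'''
```

The pass only sees interpolation written directly in the call; a string formatted earlier and passed through a variable still needs manual review.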