[Python-Dev] Arbitrary non-identifier string keys when using **kwargs

Chris Barker - NOAA Federal chris.barker at noaa.gov
Thu Oct 11 13:27:08 EDT 2018

> On the server side, the application could be doing something like
> assuming that the kwargs are e.g. column names

This is exactly a use-case for non-identifier strings in kwargs. The
rules for valid field names could very well be different than Python’s

The kwargs implementation is not the place for sanitizing to take
place — each app will need different sanitization rules.


More information about the Python-Dev mailing list