[Python-ideas] Custom string prefixes

Haoyi Li haoyi.sg at gmail.com
Fri May 31 00:29:43 CEST 2013


> Then that is basically the same idea as the one I thought I was
> extrapolating last night.  And I already said there why I think it's
> unnecessary.

We've both answered each other's points, and neither of us is convinced.
Let's just say we disagree and leave it at that =); we don't *need* to
convince each other right here right now.



On Thu, May 30, 2013 at 6:25 PM, Nick Coghlan <ncoghlan at gmail.com> wrote:

>
> On 31 May 2013 07:15, "Eric Snow" <ericsnowcurrently at gmail.com> wrote:
> >
> > On Thu, May 30, 2013 at 2:22 PM, Haoyi Li <haoyi.sg at gmail.com> wrote:
> > > The idea was to handle the prefix at either import or compile time
> > > (I'm not actually sure of the distinction, although I'm sure there is
> > > one), so it would be fully inlined by the time the code starts
> > > executing (over and over).
> >
> > Then that is basically the same idea as the one I thought I was
> > extrapolating last night.  And I already said there why I think it's
> > unnecessary.
>
> Folks, there are several prior discussions on this list regarding AST
> based metaprogramming. There *are* valid use cases for letting third party
> libraries hook into the compilation system to transform a raw text string
> into a different kind of object, with the three biggest examples being nice
> subprocess invocations, inline SQL and implicit string interpolation that
> only permit literals, thus avoiding most naive string injection
> vulnerabilities.
>
> Security is the main gain here, since many security vulnerabilities arise
> from developers passing untrusted input to unsafe functions. By providing a
> syntax that accepts only raw string literals, we could open up a new avenue
> for more secure API design, as literals are just as trusted as any other
> piece of source code.
>
> This is *not* an easy problem to solve, but framing an initial exploration
> as finding a way to replace the existing string prefix processing is a good
> way to ground a proposed solution in practical reality.
>
> Cheers,
> Nick.
>
> >
> > -eric
>
>
>
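
The literal-only API idea raised in the quoted message can be approximated without new syntax by a static check over the AST. The following is an added example, not code from this thread or from CPython: the sink names `run_sql` and `shell` and the sample source are constructed assumptions, and only the first positional argument of each call is checked.

```python
import ast

# Hypothetical names of APIs that should only ever receive string literals.
LITERAL_ONLY_SINKS = {"run_sql", "shell"}

def _call_name(node):
    """Return the plain or attribute name a call targets, or None."""
    func = node.func
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute):
        return func.attr
    return None

def _is_str_literal(node):
    """True only for a plain string literal (adjacent literals are merged by the parser)."""
    return isinstance(node, ast.Constant) and isinstance(node.value, str)

def find_non_literal_calls(source, sinks=LITERAL_ONLY_SINKS):
    """Return sorted (line, sink, node_type) for sink calls whose first argument is not a literal."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        name = _call_name(node)
        if name not in sinks:
            continue
        if not node.args:
            findings.append((node.lineno, name, "missing"))
        elif not _is_str_literal(node.args[0]):
            # f-strings parse as JoinedStr, concatenation and % formatting as BinOp.
            findings.append((node.lineno, name, type(node.args[0]).__name__))
    return sorted(findings)

# Constructed sample source: lines 1 and 5 pass literals, the rest build strings at run time.
SAMPLE = '''\
run_sql("SELECT name FROM users WHERE id = ?", (uid,))
run_sql("SELECT * FROM users WHERE name = '" + name + "'")
run_sql(f"SELECT * FROM users WHERE name = '{name}'")
db.run_sql(query)
shell("ls " "-l")
shell("rm %s" % path)
'''

if __name__ == "__main__":
    for line, sink, kind in find_non_literal_calls(SAMPLE):
        print(f"line {line}: {sink}() first argument is {kind}, not a string literal")
```

A check like this runs in review or CI rather than at compile time, so it flags non-literal arguments but does not prevent them the way a literal-only syntax would.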