[Python-ideas] Custom string prefixes
Yuval Greenfield
ubershmekel at gmail.com
Fri May 31 09:32:23 CEST 2013
On Fri, May 31, 2013 at 1:25 AM, Nick Coghlan <ncoghlan at gmail.com> wrote:
> [...] implicit string interpolation that only permit literals, thus
> avoiding most naive string injection vulnerabilities.
>
> Security is the main gain here, since many security vulnerabilities arise
> from developers passing untrusted input to unsafe functions. By providing a
> syntax that accepts only raw string literals, we could open up a new avenue
> for more secure API design, as literals are just as trusted as any other
> piece of source code.
>
> [...]
>
>
Do you mean compile-time string interpolation? Because if it's anything
dynamic then it's still unsafe to interpolate raw string literals.
Yuval
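
The distinction raised in this exchange, as an added example that is not part of the original post or of any proposal in the thread: a static check, run over source before it executes, that accepts only string literals as a query argument and flags every dynamically built string. The call name `execute`, the helper names and the sample source are assumptions made for this illustration.

```python
import ast

# Assumption: API names whose first argument must be a plain string literal.
LITERAL_ONLY_CALLS = {"execute"}

# Constructed sample source: one literal query with bound parameters,
# followed by three dynamically built queries.
SAMPLE = '''
cur.execute("SELECT * FROM users WHERE id = ?", (uid,))
cur.execute("SELECT * FROM users WHERE name = '%s'" % name)
cur.execute(f"SELECT * FROM users WHERE name = '{name}'")
cur.execute("SELECT * FROM users WHERE name = '" + name + "'")
'''

def is_pure_literal(node):
    """True only for a str constant, or a concatenation of str constants."""
    if isinstance(node, ast.Constant):
        return isinstance(node.value, str)
    if isinstance(node, ast.BinOp) and isinstance(node.op, ast.Add):
        return is_pure_literal(node.left) and is_pure_literal(node.right)
    # f-strings (JoinedStr), % formatting, .format(), names, calls: all dynamic.
    return False

def call_name(func):
    """Name of the called function or method, or None if it has none."""
    if isinstance(func, ast.Attribute):
        return func.attr
    if isinstance(func, ast.Name):
        return func.id
    return None

def find_dynamic_queries(source):
    """Return line numbers where a literal-only call receives a non-literal."""
    flagged = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call) and call_name(node.func) in LITERAL_ONLY_CALLS:
            if not node.args or not is_pure_literal(node.args[0]):
                flagged.append(node.lineno)
    return sorted(flagged)

if __name__ == "__main__":
    # Line numbers are relative to SAMPLE, whose first line is empty.
    print(find_dynamic_queries(SAMPLE))
```

The check works on the syntax tree, so it sees whether a value was written as a literal; a runtime check on the resulting `str` object cannot tell the two apart.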