[Python-ideas] Custom string prefixes

Yuval Greenfield ubershmekel at gmail.com
Fri May 31 09:32:23 CEST 2013


On Fri, May 31, 2013 at 1:25 AM, Nick Coghlan <ncoghlan at gmail.com> wrote:

> [...] implicit string interpolation that only permit literals, thus
> avoiding most naive string injection vulnerabilities.
>
> Security is the main gain here, since many security vulnerabilities arise
> from developers passing untrusted input to unsafe functions. By providing a
> syntax that accepts only raw string literals, we could open up a new avenue
> for more secure API design, as literals are just as trusted as any other
> piece of source code.
>
> [...]

Do you mean compile time string interpolation? Because if it's anything
dynamic then it's still unsafe to interpolate raw string literals.

Yuval
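
Added example, not part of the original message: a parse-time check in the spirit of the literal-only idea quoted above, using Python's `ast` module to flag calls to a sink whose first argument is anything other than a plain string literal. The sink names (`execute`, `executemany`) and the sample source are assumptions constructed for the illustration.

```python
import ast

# Assumed sink names for this example; a real project would list its own.
SINKS = {"execute", "executemany"}

def _is_literal(node):
    """True for a plain string literal, or string literals joined with +."""
    if isinstance(node, ast.Constant) and isinstance(node.value, str):
        return True
    if isinstance(node, ast.BinOp) and isinstance(node.op, ast.Add):
        return _is_literal(node.left) and _is_literal(node.right)
    return False

def _call_name(func):
    """Name of the called function or method, or None if it is computed."""
    if isinstance(func, ast.Attribute):
        return func.attr
    if isinstance(func, ast.Name):
        return func.id
    return None

def non_literal_sink_calls(source, sinks=SINKS):
    """Return sorted (lineno, node type) for sink calls whose first
    positional argument is not a string literal. Calls that pass the
    string by keyword are not examined here."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call) or not node.args:
            continue
        if _call_name(node.func) not in sinks:
            continue
        arg = node.args[0]
        if not _is_literal(arg):
            findings.append((node.lineno, type(arg).__name__))
    return sorted(findings)

# Constructed sample: lines 1 and 5 pass a literal, the rest build the string.
SAMPLE = '''\
cur.execute("SELECT * FROM users WHERE id = ?", (uid,))
cur.execute("SELECT * FROM users WHERE name = '%s'" % name)
cur.execute(f"SELECT * FROM users WHERE name = '{name}'")
cur.execute("SELECT * FROM users WHERE name = '{}'".format(name))
cur.execute("SELECT a " "FROM t")
cur.execute(query)
'''

if __name__ == "__main__":
    for lineno, kind in non_literal_sink_calls(SAMPLE):
        print(f"line {lineno}: first argument is {kind}, not a string literal")
```

The check runs on source text before execution, so `%` formatting, f-strings, `.format()` and variables are all reported, while implicit concatenation of adjacent literals is accepted because the parser folds it into one constant.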