[Python-ideas] Briefer string format
Barry Warsaw
barry at python.org
Fri Aug 7 17:43:32 CEST 2015
On Aug 07, 2015, at 10:12 AM, Guido van Rossum wrote:
>This is a big deal because of the worry about code injection. A "classic"
>format string given access to locals() (e.g. using s.format(**locals()))
>always stirs worries about code injection if the string is a variable. The
>proposed forms of string interpolation don't give access to locals *other
>than the locals where the string "literal" itself exists*. This latter
>access is no different from the access to locals in any expression. (The
>same for globals(), of course.)
I took a look at the Mailman trunk. It's definitely the case that the
majority of the uses of flufl.i18n's string interpolation are with in-place
literals. A few examples of where a variable is passed in instead:
* An error notification where some other component calculates the error
message, which is then passed to a generic reporting function. The error message
may be composed from several literal bits and pieces.
* Translate a template read from a data file.
I'd put this in the camp of consenting adults. It's useful and rare, so if I
saw non-literals in a code review, I'd question it, but probably not disallow
it. I'd want to spend extra time reviewing the code to be assured it's not a
vector for code injections.
>The other issue with explicit locals() is that to the people who would most
>benefit from variable interpolation (typically relatively unsophisticated
>users), it is magical boilerplate. (Worse, it's boilerplate that their more
>experienced mentors will warn them against because of the code injection
>worry.)
Which is why I think it can't be implicit for all strings. E.g. in an i18n
context, seeing _('$person did $something') is a very explicit marker.
>I'm not sure what your point is here. (Genuinely not sure -- this is not a
>rhetorical flourish.) Are you saying that you prefer the explicit
>formatting operation because it acts as a signal to the reader that
>formatting is taking place?
Although I didn't say it, I'd answer this question "yes".
Cheers,
-Barry
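The injection worry discussed above, shown in code as an added example (not from the thread, Mailman or flufl.i18n): a template that arrives as a variable and is formatted with `**locals()` can name any local of the calling frame, while a reporting function that checks the template against an explicit allow-list of fields cannot be steered at locals it never meant to expose. The `api_token` local is a constructed sample value.

```python
import string


def render_with_locals(template: str, person: str, action: str) -> str:
    """The pattern the thread worries about: a template that arrives as a variable
    is formatted with **locals(), so it can name ANY local of this frame, not
    only the fields the caller meant to expose."""
    api_token = "constructed-secret-token"  # constructed value a caller should never see
    return template.format(**locals())


def placeholders(template: str) -> set:
    """Return the top-level field names a str.format() template references.
    '{user.name}', '{user[0]}' and a nested spec such as '{x:>{width}}' are all
    handled; the empty field of an auto-numbered '{}' is not a name."""
    names = set()
    for _literal, field, spec, _conv in string.Formatter().parse(template):
        if field:
            names.add(field.split(".")[0].split("[")[0])
        if spec and "{" in spec:
            names |= placeholders(spec)  # nested replacement fields inside the spec
    return names


def render_checked(template: str, fields: dict) -> str:
    """Hardened form for the 'template read from a data file' case: the template
    only sees an explicit allow-list of fields, and any placeholder outside that
    list is rejected before formatting, so a variable template cannot reach
    locals() or anything else the reporting function did not declare."""
    unexpected = placeholders(template) - set(fields)
    if unexpected:
        raise ValueError("template references undeclared fields: %s" % sorted(unexpected))
    return template.format(**fields)


if __name__ == "__main__":
    allowed = {"person": "alice", "action": "login"}
    print(render_with_locals("{person} did {action}", "alice", "login"))
    print(render_with_locals("{api_token}", "alice", "login"))  # leaks the local
    print(render_checked("{person} did {action}", allowed))
    try:
        render_checked("{api_token}", allowed)
    except ValueError as exc:
        print("rejected:", exc)
```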