[Python-ideas] Draft PEP on string interpolation

Nathaniel Smith njs at pobox.com
Thu Aug 27 08:32:32 CEST 2015


On Mon, Aug 24, 2015 at 3:45 PM, Guido van Rossum <guido at python.org> wrote:
> On Mon, Aug 24, 2015 at 3:32 PM, Nathaniel Smith <njs at pobox.com> wrote:
>>
>> [...]
>> I mean, it's great that the rise of languages like Python that have
>> easy range-checked string manipulation has knocked buffer overflows
>> out of the #1 spot, but... :-)
>>
>> Guido is right that the nice thing about classic string interpolation
>> is that its use in many languages gives us tons of data about how it
>> works in practice. But one of the things that data tells us is that it
>> actually causes a lot of problems! Do we actually want to continue the
>> status quo, where one set of people keep designing language features
>> to make it easier and easier to slap strings together, and then
>> another set of people spend increasing amounts of energy trying to
>> educate all the users about why they shouldn't actually use those
>> features? It wouldn't be the end of the world (that's why we call it
>> "the status quo" ;-)), and trying to design something new and better
>> is always difficult and risky, but this seems like a good moment to
>> think very hard about whether there's a better way.
>
>
> Or maybe from the persistence of quoting bugs we could conclude that the
> ways people slap strings together have very little effect on this category
> of bugs?

I was going to say something about how we could learn from the
solutions that are regularly deployed for these problems, and just
haven't historically influenced language designers so they're less
convenient and don't get used enough... but then I realized that I had
misremembered and jinja2 actually disables automatic escaping by
default:
   http://jinja.pocoo.org/docs/dev/templates/#html-escaping
which certainly reduced my enthusiasm for the idea.

If someone does want to follow up I guess it might still be worth
asking the jinja2 folks (or similar projects) whether there's anything
Python could do to help fix the issues they identify...

-n

-- 
Nathaniel J. Smith -- http://vorpus.org
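
Added example, not part of the original message: a standard-library sketch of escape-by-default interpolation next to classic string formatting, the contrast this thread is weighing. `HTMLFormatter`, `Safe`, the two render functions and the sample input are hypothetical names constructed for illustration.

```python
import html
import string


class Safe(str):
    """Marks text the caller asserts is already trusted HTML (explicit opt-out)."""


class HTMLFormatter(string.Formatter):
    """str.format-style interpolation that HTML-escapes every substituted value.

    Only the template literal is treated as trusted markup.
    """

    def format_field(self, value, format_spec):
        # Apply the ordinary format spec first, then escape the rendered text.
        rendered = super().format_field(value, format_spec)
        if isinstance(value, Safe):
            return rendered
        # A conversion such as !r or !s yields a plain str before this point,
        # so it drops the Safe marker and the result is escaped as well.
        return html.escape(rendered, quote=True)


def render_naive(comment):
    # Classic interpolation: the value is pasted into the markup verbatim.
    return "<p>{}</p>".format(comment)


def render_escaped(comment):
    # Same template, but escaping is the default and opting out is explicit.
    return HTMLFormatter().format("<p>{}</p>", comment)


# Constructed sample input standing in for untrusted user text.
SAMPLE = '<img src=x onerror="alert(1)">'

if __name__ == "__main__":
    print(render_naive(SAMPLE))               # markup reaches the page intact
    print(render_escaped(SAMPLE))             # rendered as inert text
    print(render_escaped(Safe("<b>ok</b>")))  # trusted markup passes through
```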

