Showing content from http://mail.python.org/pipermail/python-dev/attachments/20150904/63dc2948/attachment.html below:
<div dir="ltr"><div>I think it's too much effort for too little gain.<br><br>The
motivation feels very weak; surely writing<br><br>os.system("echo " +
message_from_user)<br><br>is just as easy (as is the %s spelling), so the
security issue can hardly be blamed on PEP 498.<br><br>I also don't think that
the current way to address such security issues is a big deal:<br><br>- The subprocess module is complex for other reasons, and a simpler wrapper could
easily be made;<br><br>- Database wrappers have forever included their own
solution for safely quoting query parameters, and people who still
don't use that are not likely to care about i-strings either.<br><br></div><div>- Logging: again, it's hard to beat the existing solution, which mostly comes down to using %r instead of %s for any user-supplied or otherwise unverified data.<br></div><div><br>- HTML
quoting is an art and I'm skeptical that the proposal will even work for
that use case.<br><br></div>-- <br><div class="gmail_signature">--Guido van Rossum (<a href="http://python.org/~guido" target="_blank">python.org/~guido</a>)</div>
</div>
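Added example, not part of the original message: a Python sketch of the existing mechanisms the message lists (a subprocess argument list, DB-API parameter binding, and %r in logging), each fed a constructed hostile input. It assumes a POSIX system with an `echo` command; the input strings, function names and logger name are hypothetical.

```python
import io
import logging
import shlex
import sqlite3
import subprocess

# Constructed hostile inputs for the demo (not from the original message).
SHELL_INPUT = "hello; echo INJECTED"
SQL_INPUT = "x'); DROP TABLE notes; --"
LOG_INPUT = "alice\nINFO forged entry"


def echo_argv(message):
    """subprocess with an argv list: no shell ever parses the message."""
    return subprocess.run(["echo", message], capture_output=True,
                          text=True, check=True).stdout


def echo_quoted(message):
    """If a shell is unavoidable, shlex.quote() keeps the message one word."""
    return subprocess.run("echo " + shlex.quote(message), shell=True,
                          capture_output=True, text=True, check=True).stdout


def store_note(text):
    """DB-API parameter binding (sqlite3 '?'): the value is data, not SQL."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE notes (body TEXT)")
    conn.execute("INSERT INTO notes (body) VALUES (?)", (text,))
    return [row[0] for row in conn.execute("SELECT body FROM notes")]


def log_login(user):
    """%r logs the repr, so an embedded newline cannot start a forged line."""
    buf = io.StringIO()
    handler = logging.StreamHandler(buf)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    logger = logging.getLogger("istring_demo")  # hypothetical logger name
    logger.addHandler(handler)
    logger.setLevel(logging.INFO)
    logger.propagate = False
    logger.info("login attempt user=%r", user)
    logger.removeHandler(handler)
    return buf.getvalue()


if __name__ == "__main__":
    print(echo_argv(SHELL_INPUT), echo_quoted(SHELL_INPUT), sep="")
    print(store_note(SQL_INPUT), log_login(LOG_INPUT), sep="\n")
```

In each case the hostile text comes back as literal data: the shell metacharacters are echoed, the SQL fragment is stored as a row, and the log record stays on a single line.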