>>>>> "CT" == Christian Tismer <tismer@tismer.com> writes:

    CT> If there are program variables directly accessible inside
    CT> strings to be interpolated, then I see possible abuse, if
    CT> abusers manage to supply such a string in an unforeseen way.

For literal strings in .py files, the only way that's going to happen is if someone you don't trust is hacking your source code, /or/ if you have evil translators sneaking in bogus translation strings. The latter can be solved with a verification step over your message catalogs, while the former I leave as an exercise for the reader. :)

So still, I trust automatic interpolation of program vars for literal strings, but for strings coming from some other source (e.g. a web form), then yes, you obviously want to be explicit about the interpolation dictionary.

-Barry
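An added example, not part of the original message, of the kind of verification step over message catalogs mentioned above: it flags any translation that names a variable its source string does not, or that contains a malformed placeholder. It assumes `$name` / `${name}` placeholders as parsed by Python's `string.Template` and a catalog held as a plain dict; `placeholders`, `verify_catalog` and `CATALOG` are hypothetical names.

```python
from string import Template


def placeholders(text):
    """Return the set of names used as $name or ${name} in text.

    Raises ValueError on a malformed placeholder (e.g. an unclosed "${").
    """
    names = set()
    for match in Template.pattern.finditer(text):
        # The "invalid" group matches the empty string when "$" is not
        # followed by a valid identifier, "{identifier}" or another "$".
        if match.group("invalid") is not None:
            raise ValueError(f"malformed placeholder at offset {match.start()}")
        name = match.group("named") or match.group("braced")
        if name:  # "$$" (escaped) carries no name
            names.add(name)
    return names


def verify_catalog(catalog):
    """Check each translation against its source string.

    Returns a list of (msgid, problem) pairs; an empty list means every
    translation only references names its source string already exposes.
    """
    findings = []
    for msgid, msgstr in catalog.items():
        try:
            allowed = placeholders(msgid)
            used = placeholders(msgstr)
        except ValueError as exc:
            findings.append((msgid, str(exc)))
            continue
        extra = used - allowed
        if extra:
            findings.append((msgid, "unexpected names: " + ", ".join(sorted(extra))))
    return findings


# Constructed sample catalog (source string -> translation).
CATALOG = {
    "Hello, $user": "Bonjour, $user",
    "You have $count new messages": "Vous avez $count messages ($db_password)",
    "Saved ${filename}": "Enregistré ${filename",
    "Price: $$5 for $item": "Prix : 5 $$ pour $item",
}

if __name__ == "__main__":
    for msgid, problem in verify_catalog(CATALOG):
        print(f"{msgid!r}: {problem}")
```
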