The state of string interpolation...one year later
Olivier FAURE
couteaubleu at gmail.com
Mon Mar 18 09:05:33 UTC 2019
On Sunday, 17 March 2019 at 14:01:36 UTC, ag0aep6g wrote:
> Either way, you likely got yourself an HTML injection.
>
> That might be the crux of string interpolation: It looks nice
> in simple examples, but is it still nice when you need to
> encode your variables for the output?

One way to deal with these cases would be to have an alternate
string interpolation syntax for format strings, e.g.:

    fi"SELECT $field FROM $table"

is lowered to

    "SELECT %s FROM %s", field, table

Other alternatives have been suggested (e.g. interpolation creating
delegates that can be passed at compile time), but I think the
above solution is the most KISS and elegant.

It encourages robust design, where the only argument parsed is
the first one and every other argument is sanitized by default.
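
The lowering described above, modelled in Python as an added example; it is not part of the original post and not D or compiler code. It uses the HTML output case from the quoted reply as the consumer. The names `lower`, `html_format` and `naive_interpolate` are hypothetical, and the sample values are constructed.

```python
import html
import re

_VAR = re.compile(r"\$([A-Za-z_]\w*)")  # $name placeholders, as in the post


def lower(template, scope):
    """Model of the proposed lowering: fi"a $x b" -> ("a %s b", x)."""
    args = []

    def take(match):
        args.append(scope[match.group(1)])  # value is passed on untouched
        return "%s"

    # Double any literal % first so the generated %s are the only placeholders.
    fmt = _VAR.sub(take, template.replace("%", "%%"))
    return fmt, tuple(args)


def html_format(fmt, *args):
    """Consumer: parses only fmt and HTML-encodes every other argument."""
    return fmt % tuple(html.escape(str(a), quote=True) for a in args)


def naive_interpolate(template, scope):
    """Plain interpolation, for contrast: values are pasted in unencoded."""
    return _VAR.sub(lambda m: str(scope[m.group(1)]), template)


if __name__ == "__main__":
    # Constructed sample input standing in for untrusted data.
    scope = {"name": "<script>alert(1)</script>"}
    fmt, args = lower("<p>Hello $name</p>", scope)
    print(fmt, args)
    print(html_format(fmt, *args))
    print(naive_interpolate("<p>Hello $name</p>", scope))
```

Because the values travel as separate arguments, a value that itself contains `%s` or `$name` is never re-parsed as part of the format string.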