interpolation proposals and safety
kdevel
kdevel at vogtner.de
Fri Aug 30 11:18:10 UTC 2024
On Thursday, 29 August 2024 at 14:18:48 UTC, Paul Backus wrote:
>>
>> [...]
>>
>> `writeln` should not print unadorned interpolated string
>> expressions.
>
> The real problem here is that the type system does not
> distinguish between strings that are controlled by the user
> (and thus may contain malicious data) and strings that are
> controlled by the programmer. If you define a separate type for
> user-controlled strings, the mistake is easily caught at
> compile time:

Sure. But if you forget to do so, you have a "typesafe"
implementation of XSS. Using the facilities of 1036e in a
careless way is actually unsafe.

Ideally compilation of such unadorned writes would fail.
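
Added example, not code from this thread or from either poster: a D sketch of the separate type for user-controlled strings described in the quoted reply, next to the unadorned `writeln` this message objects to. `UserString`, `escapeHtml`, `html` and `emitRaw` are hypothetical names, the input is constructed, and a compiler that ships `core.interpolation` is assumed.

```d
import core.interpolation;
import std.array : appender, replace;
import std.conv : to;
import std.stdio : writeln;

// Hypothetical marker type for user-controlled data; there is no alias this,
// so it never converts to string implicitly.
struct UserString { string raw; }

// Escape the characters that are significant in HTML text and attributes.
string escapeHtml(string s)
{
    return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
            .replace(`"`, "&quot;").replace("'", "&#39;");
}

// Hypothetical sink: literals pass through, every interpolated value is escaped.
string html(Args...)(Args args)
    if (Args.length >= 2 && is(Args[0] == InterpolationHeader))
{
    auto o = appender!string;
    foreach (arg; args)
    {
        alias T = typeof(arg);
        static if (is(T == InterpolatedLiteral!lit, string lit))
            o.put(lit);                       // programmer-controlled text
        else static if (is(T == InterpolationHeader) || is(T == InterpolationFooter)) {}
        else static if (is(T == InterpolatedExpression!code, string code)) {}
        else static if (is(T == UserString))
            o.put(escapeHtml(arg.raw));       // user-controlled value
        else
            o.put(escapeHtml(arg.to!string)); // anything else is escaped as well
    }
    return o.data;
}

// Hypothetical function that trusts its argument and writes it as markup.
void emitRaw(string markup) { writeln(markup); }

void main()
{
    auto name = UserString(`<script>alert(1)</script>`); // constructed sample input
    static assert(!__traits(compiles, emitRaw(name)));   // rejected at compile time
    writeln(html(i"<p>Hello, $(name)!</p>"));            // value is escaped
    string plain = name.raw;                             // the wrapper was forgotten
    writeln(i"<p>Hello, $(plain)!</p>");                 // compiles, markup unescaped
}
```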