interpolation proposals and safety

Paul Backus snarwin at gmail.com
Fri Aug 30 13:26:59 UTC 2024


On Friday, 30 August 2024 at 11:18:10 UTC, kdevel wrote:
> On Thursday, 29 August 2024 at 14:18:48 UTC, Paul Backus wrote:
>> The real problem here is that the type system does not 
>> distinguish between strings that are controlled by the user 
>> (and thus may contain malicious data) and strings that are 
>> controlled by the programmer. If you define a separate type 
>> for user-controlled strings, the mistake is easily caught at 
>> compile time:
>
> Sure. But if you forget to do so, you have a "typesafe" 
> implementation of XSS. Using the facilities of 1036e in a 
> careless way is actually unsafe.
>
> Ideally compilation of such unadorned writes would fail.

Interpolation is just syntax sugar. You can use it to build safe 
APIs, or unsafe ones. `writeln` is not a safe API (w.r.t. XSS), 
and will not magically become one just because you used 
interpolation to pass your arguments to it.

If you were led to believe that interpolation would somehow make 
existing unsafe APIs safe (from injection attacks, XSS, etc.), 
then you were misled.
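The point of the exchange above, as an added example (not code from this thread or from any D project): the interpolation sequence itself carries no safety; an API that consumes it has to be written so that only a distinct untrusted-string type is accepted at interpolated positions, and that type is escaped before it reaches the output. The `Untrusted` struct, the `html` function and the sample input are all constructed for this example; it assumes a compiler that implements 1036e interpolation sequences (`core.interpolation`).

```d
import core.interpolation;
import std.array : appender;

/// Constructed marker type: a string that arrived from outside the program
/// (query parameter, form field, header). It has no implicit conversion to
/// string, so it cannot be handed to a string-taking API by accident.
struct Untrusted
{
    string value;
}

/// Escape the characters that change meaning inside HTML text or attributes.
string escapeHtml(string s)
{
    auto buf = appender!string();
    foreach (dchar c; s)
    {
        switch (c)
        {
            case '&':  buf.put("&amp;");  break;
            case '<':  buf.put("&lt;");   break;
            case '>':  buf.put("&gt;");   break;
            case '"':  buf.put("&quot;"); break;
            case '\'': buf.put("&#39;");  break;
            default:   buf.put(c);
        }
    }
    return buf.data;
}

/// Render an interpolation sequence as HTML.
/// Literal text written by the programmer is emitted unchanged; every
/// interpolated value must be an Untrusted and is escaped. Any other value
/// (a plain string, an int, ...) is rejected at compile time, so forgetting
/// to wrap user data does not compile instead of silently producing XSS.
string html(Args...)(InterpolationHeader, Args args, InterpolationFooter)
{
    auto buf = appender!string();
    static foreach (i, Arg; Args)
    {
        static if (is(Arg == InterpolatedLiteral!text, string text))
            buf.put(text);                        // programmer-controlled markup
        else static if (is(Arg == InterpolatedExpression!code, string code))
        {
            // marker carrying the source text of the next value; not rendered
        }
        else static if (is(Arg == Untrusted))
            buf.put(escapeHtml(args[i].value));   // user-controlled data, escaped
        else
            static assert(false,
                "html(): only Untrusted values may be interpolated, got " ~ Arg.stringof);
    }
    return buf.data;
}

void main()
{
    import std.stdio : writeln;

    // Constructed sample input standing in for a request parameter.
    auto name = Untrusted(`<script>alert(1)</script>`);

    // Safe: the value is escaped because html() only accepts Untrusted.
    writeln(html(i"<p>Hello, $(name)!</p>"));

    // writeln(i"<p>Hello, $(name)!</p>");
    //   compiles and prints the struct verbatim: writeln is not an
    //   HTML-safe API, and interpolation does not make it one.

    // string raw = "<b>";
    // writeln(html(i"<p>$(raw)</p>"));
    //   does not compile: a plain string at an interpolated position is
    //   the mistake the type distinction is meant to catch.
}
```

The compile-time check lives entirely in `html`, not in the `i"..."` literal: the same interpolation sequence passed to `writeln` is accepted without complaint, which is the distinction the reply above draws between syntax sugar and a safe API.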

