interpolation proposals and safety

H. S. Teoh hsteoh at qfbox.info
Fri Aug 30 15:09:39 UTC 2024


On Fri, Aug 30, 2024 at 02:36:56PM +0000, Steven Schveighoffer via Digitalmars-d wrote:
> On Friday, 30 August 2024 at 12:07:47 UTC, kdevel wrote:
[...]
> > With post-1036e D the user has now three equally potent ways to
> > shoot theirself in the foot:
> > 
> > 1.
> > ```
> >      data = "alert (-1)";
> >      writeln ("<script>" ~ data ~ "</script>");
> > ```
> > 
> > 2.
> > ```
> >      data = "alert (-1)";
> >      writeln (format!"<script>%s</script>" (data));
> > ```
> > 
> > 3.
> > ```
> >      data = "alert (-1)";
> >      writeln (i"<script>$(data)</script>");
> > ```
> 
> 4.
> ```d
> writefln("<script>%s</script>", data);
> ```
[...]

Actually, the footgun here is just one: writeln + CGI.  The rest are
merely specific instances of the same thing: writing unvetted data to
your output stream.  No amount of cleverness is going to prevent this;
you, as the programmer, are responsible for making sure the program
logic properly vets all data before sending them to the output stream.
If some coder wannabe can't figure out how to properly segregate their
input data from their output data, no amount of programming language
features will be able to help them.  The program logic has to be
structured in such a way that *all* input data is properly escaped, or
*all* output data is properly encoded.  The latter is much harder;
recoding input data is recommended.  If the fundamental program logic is
flawed, no magic feature will be able to fix the resulting problems.


T

-- 
Study gravitation, it's a field with a lot of potential.

