[Python-Dev] proposal: evaluated string

Guido van Rossum guido at python.org
Thu Apr 20 20:24:58 CEST 2006


Tomer, please stop. We've seen your proposal. We've said "-1". Please
take it instead of wasting your time trying to argue for it.

On 4/20/06, tomer filiba <tomerfiliba at gmail.com> wrote:
>
> > We already have a slew of templating utilities (see Cheetah for example).
> >
> first of all -- i know there's a bunch of templating engines, but i think it
> should be a built-in feature of the language. like boo does. and estr is
> stronger than simple $name substitution, like Template does.
>
>
> > Be sure to stay aware of the security risks if the fill-in values are user
> > specified.
> >
> that's one major benefit of having it as a builtin type -- you don't have
> security risks, as the expression itself is embedded in your code, not
> something you get from the outside:
>
> name = raw_input("what's you name?")
> print e"hello {name}"
>
> does not get the *expression* from the user, only the *values*, so unless
> the user causes a buffer overflow with a huge string, he can't run code. the
> estr object is part of *your* code, which you trust.
>
>
> > If you need this, then consider using a third-party templating module.
> >
> that 50-liner estr class i presented does just that.
>
>
> > Using the key twice is basic to templating (once to specify where to
> > make the substitution and once to specify its value).  This is no
> > different from using variable names in regular code:
> > a=1; ... ; b = a+2  # variable-a is used twice.
> >
> but when it's defined once as an argument to a function, once in the
> template, and once in the dict, that's three times, where it can be only two.
>
> def f(name):
>     print e"hello {name}"
>
>
> > Also, the example is misleading because real-apps substitute
> > variables, not constants.  IOW, the above code fragment is semantically
> > equivalent to:  print "hello john".
>
>
> what do you mean by that?
>
>
> > 3) it is less
> > flexible than  the class constructor which can be subclassed and
> > extended as needed.
> >
> do you often subclass str? it's a built-in type, part of the language,
> subclassing it doesn't make much sense. after all it's the language compiler
> that instantiates these types, i.e., when you do "hello", the compiler
> creates an instance of str() with that value, not you directly, and that's
> the case here.
>
>
> -tomer
>
>
> On 4/20/06, Raymond Hettinger <rhettinger at ewtllc.com> wrote:
> >
> > >
> > >If you don't like the $name style of template markup and prefer
> > >delimiters instead, then check-out the recipe at:
> > >
> > >http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/3053
> > >
> > The link should have been:
> >
> > http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/305306


--
--Guido van Rossum (home page: http://www.python.org/~guido/)
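
The security point debated in the quoted message, as an added example that is not part of the original thread: what matters is who controls the template, not who controls the values. `render` is a hypothetical stand-in for the proposed `e"..."` literal (it is not the estr class mentioned above), and the scope contents are constructed.

```python
import re
from string import Template

_FIELD = re.compile(r"\{([^{}]+)\}")


def render(template, namespace):
    """Hypothetical stand-in for the proposed e"..." literal.

    Every {expr} in `template` is evaluated with eval(), so whoever writes
    the template is writing code. Substituted values are inserted as text
    and are not scanned again.
    """
    def evaluate(match):
        return str(eval(match.group(1), {}, dict(namespace)))
    return _FIELD.sub(evaluate, template)


def render_untrusted(template, allowed):
    """For a template that comes from outside: name lookup only, and only
    for the keys explicitly placed in `allowed`."""
    return Template(template).safe_substitute(allowed)


# Constructed sample data.
SCOPE = {"name": "{api_key}", "api_key": "constructed-secret"}


def demo():
    return {
        # Template is a literal in trusted code; the hostile *value* stays text.
        "trusted_template": render("hello {name}", SCOPE),
        # Same renderer, but the *template* is user-supplied: it reads the scope.
        "untrusted_template": render("hello {api_key}", SCOPE),
        # Untrusted template through the restricted path: nothing to reach.
        "restricted": render_untrusted("hello $name $api_key", {"name": "bob"}),
    }


if __name__ == "__main__":
    for case, output in demo().items():
        print(f"{case}: {output}")
```

The first case is the one the quoted message describes; the second is the risk the earlier reply warns about once a template string is loaded from anywhere other than source code.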

