[Python-ideas] String interpolation for all literal strings
Barry Warsaw
barry at python.org
Thu Aug 6 20:27:41 CEST 2015
On Aug 06, 2015, at 11:01 PM, Nick Coghlan wrote:
>* you can't restrict them to "literals only", so you run a much higher risk
>of code injection attacks
In an i18n context you do sometimes need to pass in non-literals. Restricting
this thing to literals only doesn't really increase the attack vector
significantly, and does close off an important use case.
>* you can only implement them via stack walking, so name resolution doesn't
>work right. You can get at the locals and globals for the calling frame, but
>normal strings are opaque to the compiler, so lexical scoping doesn't trigger
>properly
In practice, you need sys._getframe(2) to make it work, although flufl.i18n
does allow you to specify a different depth. In practice you could probably
drop that for the most part. (ISTR an obscure use case for depth>2 but can't
remember the details.)
Really, the only nasty bit about flufl.i18n's implementation is the use of
sys._getframe(). Fortunately, it's a big of ugliness that's buried in the
implementation and never really seen by users. If there was a more better way
of getting at globals and locals, that was Python-implementation independent,
that would clean up this little wart.
Cheers,
-Barry
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://mail.python.org/pipermail/python-ideas/attachments/20150806/d22a6e82/attachment.sig>
More information about the Python-ideas
mailing list