[Python-ideas] Draft PEP on string interpolation
Paul Moore
p.f.moore at gmail.com
Mon Aug 24 23:54:54 CEST 2015
On 24 August 2015 at 22:28, Nikolaus Rath <Nikolaus at rath.org> wrote:
>> os.system(e'cat {filename}') # sleep easy
>
> *shudder*. After years of efforts to get people not to do this, you want
> to change course by 180 degrees and start telling people this is ok if
> they add an additional single character in front of the string?
>
> This sounds like very bad idea to me for many reasons:
>
> - People will forget to type the 'e', and things will appear to work
> but buggy.
> - People will forget that they need the 'e' (and the same thing will
> happen, further reinforcing the thought that the e is not required)
> - People will be confused because other languages don't have the 'e'
> (hmm. how do I do this in Perl? I guess I'll just drop the
> 'e'... *check*, works, great!)
> - People will assume that their my_custom_system() call also
> special-cases e strings and escape them (which it won't).
Agreed. In a convenience library where it's absolutely clear that a
shell is involved (something like sarge or invoke) this is OK, but not
in the stdlib as the "official" way to call external programs.
Also:
- People will fail to understand the difference between e'...' and
f'...' and will use the wrong one when using os.system, and things
will work correctly but with security vulnerabilities.
- Teaching Python will be complicated by needing to explain why both
f'...' and e'...' exist, and what the difference is. Trying to do that
for beginners without baffling them with discussions of security
vulnerabilities will be challenging...
Paul
More information about the Python-ideas
mailing list