Taint (like in Perl) as a Python module: taint.py
Ben Finney
bignose+hates-spam at benfinney.id.au
Mon Feb 5 21:01:51 EST 2007
"Gabriel Genellina" <gagsl-py at yahoo.com.ar> writes:

> I suppose you don't intend to publish the SafeString class - but if
> anyone can get a SafeString instance in any way or another, he can
> convert *anything* into a SafeString trivially.

The point (in Perl) of detecting taint isn't to prevent a programmer
from deliberately removing the taint. It's to help the programmer find
places in the code where taint accidentally remains.

> And tainted() returns False by default?????
> Sorry but in general, this won't work :(

I'm inclined to agree that the default should be to flag an object as
tainted unless known otherwise.

--
\ "On the other hand, you have different fingers." -- Steven |
`\ Wright |
_o__) |
Ben Finney
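
The tainted-by-default behaviour discussed in this message, as an added example that is not part of the original post and is not the taint.py module itself. The SafeString and tainted() names come from the thread; untaint(), open_log(), TaintError and the sample values are assumptions made for illustration.

```python
import re

class TaintError(Exception):
    """Raised when a sink receives a value not known to be safe."""

class SafeString(str):
    """Marker type for text the programmer has deliberately vetted.

    Calling SafeString(x) directly is a deliberate untaint and is not
    prevented; the aim is to catch taint that remains by accident.
    """
    def __add__(self, other):
        result = str.__add__(self, other)
        # Concatenation stays safe only when both operands are safe.
        return SafeString(result) if type(other) is SafeString else result

def tainted(obj):
    """Fail closed: anything that is not exactly a SafeString is tainted."""
    return type(obj) is not SafeString

def untaint(value, pattern):
    """Validate against a whole-string regex, as Perl untaints via a match."""
    match = re.fullmatch(pattern, value)
    if match is None:
        raise ValueError("value rejected by pattern %r" % pattern)
    return SafeString(match.group(0))

def open_log(path):
    """Hypothetical sink: refuses any path still flagged as tainted."""
    if tainted(path):
        raise TaintError("tainted path reached sink: %r" % (path,))
    return str(path)  # a real sink would open the file here

def demo():
    prefix, suffix = SafeString("/var/log/app/"), SafeString(".log")
    user_input = "alice"  # constructed sample input
    results = {}
    try:
        open_log(prefix + user_input + suffix)  # validation was forgotten
    except TaintError:
        results["forgotten"] = "blocked"
    vetted = untaint(user_input, r"[a-z]+")
    results["validated"] = open_log(prefix + vetted + suffix)
    return results
```

Because inherited str methods such as upper() return a plain str, their results count as tainted again until they are re-validated.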