(original) (raw)
I think it's too much effort for too little gain.
The motivation feels very weak; surely writing
os.system("echo " + message\_from\_user)
is just as easy (as is the %s spelling), so the security issue can hardly be blamed on PEP 498.
I also don't think that the current way to address such security issues is a big deal:
- The subprocess module is complex for other reasons, and a simpler wrapper could easily be made;
- Database wrappers have forever included their own solution for safely quoting query parameters, and people who still don't use that are not likely to care about i-strings either.
The motivation feels very weak; surely writing
os.system("echo " + message\_from\_user)
is just as easy (as is the %s spelling), so the security issue can hardly be blamed on PEP 498.
I also don't think that the current way to address such security issues is a big deal:
- The subprocess module is complex for other reasons, and a simpler wrapper could easily be made;
- Database wrappers have forever included their own solution for safely quoting query parameters, and people who still don't use that are not likely to care about i-strings either.
- Logging: again, it's hard to beat the existing solution, which mostly comes down to using %r instead of %s for any user-supplied or otherwise unverified data.
- HTML quoting is an art and I'm skeptical that the proposal will even work for that use case.
--Guido van Rossum (python.org/\~guido)