[Python-Dev] proposal: evaluated string (original) (raw)

tomer filiba tomerfiliba at gmail.com
Thu Apr 20 20:23:04 CEST 2006

We already have a slew of templating utilities (see Cheetah for example). first of all -- i know there's a bunch of templating engines, but i think it should be a built-in feature of the language. like boo does. and estr is stronger than simple $name substitution, like Template does.

Be sure to stay aware of the security risks if the fill-in values are user

specified. that's one major benefit of having it as a builtin type -- you dont have security risks, as the expression itself is embedded in your code, not something you get from the outside:

name = raw_input("what's you name?") print e"hello {name}"

does not get the expression from the user, only the values, so unless the user causes a buffer overflow with a huge string, he can't run code. the estr object is part of your code, which you trust.

If you need this, then consider using a third-party templating module.

that 50-liner estr class i presented does just that.

Using the key twice is basic to templating (once of specify where to

make the substitution and once to specify its value). This is no different from using variable names in regular code: a=1; ... ; b = a+2 # variable-a is used twice. but when it's defined once as an argument to a function, once in the template, and once in the dict, that's three times, where it can be only two.

def f(name): print e"hello {name}"

Also, the example is misleading because real-apps are substitute

variables, not constants. IOW, the above code fragment is sematically equivalent to: print "hello john".

what do you mean by that?

  1. it is less

    flexible than the class constructor which can be subclassed and extended as needed. do you often subclass str? it's a built-in type, part of the language, subclassing it doesnt make much sense. after all it's the language compiler that instanciates these types, i.e., when you do "hello", the compiler creates an instance of str() with that value, not you directly, and that's the case here.

-tomer

On 4/20/06, Raymond Hettinger <rhettinger at ewtllc.com> wrote:

> >If you don't like the $name style of template markup and prefer >delimiters instead, then check-out the recipe at: > > http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/3053 > > The link should have been: http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/305306

-------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.python.org/pipermail/python-dev/attachments/20060420/4b316d68/attachment.htm

More information about the Python-Dev mailing list