[Python-Dev] proposal: evaluated string (original) (raw)

Guido van Rossum guido at python.org
Thu Apr 20 20:24:58 CEST 2006

Tomer, please stop. We've seen your proposal. We've said "-1". Please take it instead of wasting your time trying to argue for it.

On 4/20/06, tomer filiba <tomerfiliba at gmail.com> wrote:

> We already have a slew of templating utilities (see Cheetah for example). > first of all -- i know there's a bunch of templating engines, but i think it should be a built-in feature of the language. like boo does. and estr is stronger than simple $name substitution, like Template does.

> Be sure to stay aware of the security risks if the fill-in values are user specified. > that's one major benefit of having it as a builtin type -- you dont have security risks, as the expression itself is embedded in your code, not something you get from the outside: name = rawinput("what's you name?") print e"hello {name}" does not get the expression from the user, only the values, so unless the user causes a buffer overflow with a huge string, he can't run code. the estr object is part of your code, which you trust. > If you need this, then consider using a third-party templating module. > that 50-liner estr class i presented does just that. > Using the key twice is basic to templating (once of specify where to > make the substitution and once to specify its value). This is no > different from using variable names in regular code: a=1; ... ; b = > a+2 # variable-a is used twice. > but when it's defined once as an argument to a function, once in the template, and once in the dict, that's three times, where it can be only two. def f(name): print e"hello {name}" > Also, the example is misleading because real-apps are substitute > variables, not constants. IOW, the above code fragment is sematically > equivalent to: print "hello john". what do you mean by that? > 3) it is less > flexible than the class constructor which can be subclassed and > extended as needed. > do you often subclass str? it's a built-in type, part of the language, subclassing it doesnt make much sense. after all it's the language compiler that instanciates these types, i.e., when you do "hello", the compiler creates an instance of str() with that value, not you directly, and that's the case here. -tomer On 4/20/06, Raymond Hettinger <rhettinger at ewtllc.com> wrote: > > > > >If you don't like the $name style of template markup and prefer > >delimiters instead, then check-out the recipe at: > > > > http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/3053 > > > > > The link should have been: > > http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/305306 > > > >

Python-Dev mailing list Python-Dev at python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/guido%40python.org

-- --Guido van Rossum (home page: http://www.python.org/~guido/)

More information about the Python-Dev mailing list