[Python-Dev] Arbitrary non-identifier string keys when using **kwargs (original) (raw)

Chris Jerdonek chris.jerdonek at gmail.com
Tue Oct 9 22:46:56 EDT 2018

On Tue, Oct 9, 2018 at 7:13 PM Benjamin Peterson <benjamin at python.org> wrote:

On Tue, Oct 9, 2018, at 17:14, Barry Warsaw wrote: > On Oct 9, 2018, at 16:21, Steven D'Aprano <steve at pearwood.info> wrote: > > > > On Tue, Oct 09, 2018 at 10:26:50AM -0700, Guido van Rossum wrote: > >> My feeling is that limiting it to strings is fine, but checking those > >> strings for resembling identifiers is pointless and wasteful. > > > > Sure. The question is, do we have to support uses where people > > intentionally smuggle non-identifier strings as keys via **kwargs? > > I would not be in favor of that. I think it doesn’t make sense to be > able to smuggle those in via **kwargs when it’s not supported by > Python’s grammar/syntax.

Can anyone think of a situation where it would be advantageous for an implementation to reject non-identifier string kwargs? I can't.

One possibility is that it could foreclose certain security bugs from happening. For example, if someone has an API that accepts **kwargs, they might have the mistaken assumption that the keys are identifiers without special characters like ";" etc, and so they could make the mistake of thinking they don't need to escape / sanitize them.

--Chris

I agree with Guido—banning it would be too much trouble for no benefit.

Python-Dev mailing list Python-Dev at python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/chris.jerdonek%40gmail.com

More information about the Python-Dev mailing list