[swift-evolution] Strings in Swift 4
Dave Abrahams
dabrahams at apple.com
Fri Jan 20 16:20:33 CST 2017
on Fri Jan 20 2017, Gwendal Roué <swift-evolution at swift.org> wrote:
>> One ask - make string interpolation great again?
>
> I have a dream, that ExpressibleByStringInterpolation would allow distinguishing literal segments
> and embedded inputs.
>
> Today, the documentation of this protocol [1] says:
>
> "One cookie: $\(price), \(number) cookies: $\(price * number)."
> // <=>
> let message = String(stringInterpolation:
>     String(stringInterpolationSegment: "One cookie: $"),
>     String(stringInterpolationSegment: price),
>     String(stringInterpolationSegment: ", "),
>     String(stringInterpolationSegment: number),
>     String(stringInterpolationSegment: " cookies: $"),
>     String(stringInterpolationSegment: price * number),
>     String(stringInterpolationSegment: "."))
>
> This means that ExpressibleByStringInterpolation can't distinguish "foo" from `bar` in "foo\(bar)".
>
> If this distinction were possible, some nice features could emerge, such as context-sensitive
> escaping:
>
> // func render(_ html: HTML)
> let title = "<script>boom();</script>"
> render("<h1>\(title)</h1>") // escapes input
>
> // func query(_ sql: SQL)
> let name = "Robert'); DROP TABLE students; --"
> query("SELECT * FROM students WHERE name = \(name)") // avoids SQL injection
>
> Ideally, a solution for multi-line literals (for strings and interpolated strings) would be found,
> too.
>
> I wish the manifesto would address these topics as well :-)
This is totally something we want to fix, but as part of a wholesale
reform of the ExpressibleByXXX protocols. It's outside the scope of the
manifesto.
--
-Dave
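
The literal-versus-input distinction requested in the quoted message, sketched as an added example that is not part of either message or of the Swift project's own code. It assumes Swift 5 or later, where `StringInterpolationProtocol` delivers literal segments and interpolated values through separate methods; `SQLQuery`, its members and `query` are hypothetical names.

```swift
// Added example, assumes Swift 5+. SQLQuery and query are hypothetical names.
struct SQLQuery: ExpressibleByStringInterpolation {
    struct StringInterpolation: StringInterpolationProtocol {
        var text = ""
        var bindings: [String] = []

        init(literalCapacity: Int, interpolationCount: Int) {
            text.reserveCapacity(literalCapacity + interpolationCount)
            bindings.reserveCapacity(interpolationCount)
        }

        // Literal segments are written by the programmer and copied verbatim.
        mutating func appendLiteral(_ literal: String) {
            text += literal
        }

        // Interpolated values never enter the SQL text: each one becomes a
        // placeholder plus a bound parameter. Only String is accepted here,
        // so interpolating any other type is a compile-time error.
        mutating func appendInterpolation(_ value: String) {
            text += "?"
            bindings.append(value)
        }
    }

    let text: String
    let bindings: [String]

    // A plain literal with no interpolation has no bindings.
    init(stringLiteral value: String) {
        text = value
        bindings = []
    }

    init(stringInterpolation: StringInterpolation) {
        text = stringInterpolation.text
        bindings = stringInterpolation.bindings
    }
}

// A real implementation would hand text and bindings to a prepared statement.
func query(_ sql: SQLQuery) -> (text: String, bindings: [String]) {
    return (sql.text, sql.bindings)
}

let name = "Robert'); DROP TABLE students; --"  // constructed input from the thread
let result = query("SELECT * FROM students WHERE name = \(name)")
print(result.text)
print(result.bindings)
```

Because `query` takes `SQLQuery` rather than `String`, a call site cannot pass a string that was concatenated beforehand; only a literal or an interpolated literal type-checks.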