[swift-evolution] [Review] SE-0168: Multi-Line String Literals

Brent Royal-Gordon brent at architechies.com
Fri Apr 7 16:55:20 CDT 2017

> On Apr 7, 2017, at 2:15 PM, Félix Cloutier via swift-evolution <swift-evolution at swift.org> wrote:
> I don't necessarily think that the concept is a bad idea, but I think that the interaction of Swift features facilitates poor coding decisions. For example, the proposal interpolates an `author` variable straight into an XML document, and suggests doing the same to JSON strings. To me, this shows that an important use case of the feature is to format payloads in a way that is known to cause vulnerabilities.

I don't know if it will be reviewed for Swift 4, let alone be accepted, but I have a proposal in for a revised string interpolation protocol. One of the major use cases I considered was types which provided safe interpolation for things like markup languages and JSON. So, for instance, if you wrote this:

	let xml: XMLString = """
	    <?xml version="1.0"?>
	        <book id="bk101" empty="">
	            <title>XML Developer's Guide</title>
	            <description>An in-depth look at creating applications with XML.</description>

XMLString could escape `author` by default, unless it were itself an `XMLString` or you wrote the interpolation as `\(raw: author)`. And of course, this being Swift, `XMLString` would not necessarily have to be stated explicitly; it could come from being concatenated to an `XMLString`, passed in an `XMLString` parameter, or assigned to an `XMLString` property.

So I think this particular concern is orthogonal to the question of supporting multiline strings. Escaping safety is possible—it's just a separate feature.

Brent Royal-Gordon
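
The escape-by-default behaviour described in this message, as an added example that is not part of the original post or of the proposal it mentions. It is written against the `ExpressibleByStringInterpolation` protocol available in Swift 5 and later; the `XMLString` type, its escaping rules and the sample `author` value are assumptions made for illustration.

```swift
// Hypothetical XMLString: escapes interpolated values unless told otherwise.
struct XMLString: ExpressibleByStringInterpolation, CustomStringConvertible {
    var description: String

    init(stringLiteral value: String) { description = value }
    init(stringInterpolation: StringInterpolation) {
        description = stringInterpolation.output
    }

    struct StringInterpolation: StringInterpolationProtocol {
        var output = ""
        init(literalCapacity: Int, interpolationCount: Int) {
            output.reserveCapacity(literalCapacity + interpolationCount * 16)
        }

        // Literal segments come from the programmer and pass through unchanged.
        mutating func appendLiteral(_ literal: String) { output += literal }

        // \(value): treated as untrusted text, so XML metacharacters are escaped.
        mutating func appendInterpolation<T>(_ value: T) {
            for ch in String(describing: value) {
                switch ch {
                case "&": output += "&amp;"
                case "<": output += "&lt;"
                case ">": output += "&gt;"
                case "\"": output += "&quot;"
                case "'": output += "&apos;"
                default: output.append(ch)
                }
            }
        }

        // \(xml): already an XMLString, inserted as-is to avoid double escaping.
        mutating func appendInterpolation(_ value: XMLString) { output += value.description }

        // \(raw: value): explicit opt-out, the caller vouches for the markup.
        mutating func appendInterpolation(raw value: String) { output += value }
    }
}

let author = "O'Reilly & <Sons>"   // constructed sample input
let title: XMLString = "<title>XML Developer's Guide</title>"
let xml: XMLString = """
    <book id="bk101">
        <author>\(author)</author>
        \(title)
    </book>
    """
print(xml)
```

Because the escaping overload is the unlabeled default, the unsafe path is the one that has to be spelled out (`raw:`), which makes it easy to find in code review.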
