[swift-evolution] [Review] SE-0168: Multi-Line String Literals

Brent Royal-Gordon brent at architechies.com
Mon Apr 10 00:01:11 CDT 2017


> On Apr 9, 2017, at 8:46 PM, FĂ©lix Cloutier <felixcca at yahoo.ca> wrote:
> 
> For XML, I know that you have this XMLString idea, but I think that it would be very complex to implement in practice. XML has several different contexts in which escaping has to be different. For instance, you shouldn't escape the same things in an attribute value as in a comment, or in an XML text node, or in a CDATA node, and that means that you have to be aware of what you're looking for at the point where interpolation happens. It's also possible to come up with uncheckable/incorrect cases (like `<foo \(bar)>`), meaning that it either has to accept anything in some cases or be failable (and besides, "just remove :XMLString and it works!").


It is complex, and yet Rails has done this kind of thing pretty successfully (in a different, dynamic-language-y way) for about eight years: <https://github.com/rails/rails/blob/master/activesupport/lib/active_support/core_ext/string/output_safety.rb>

You just have to scale back your ambitions slightly. Your goal is not to somehow, through the type system, prevent the construction of an invalid string. Your goal is to ensure that interpolated content is, by default, escaped enough to prevent injection attacks. Developers can still make escaping mistakes, but those mistakes will err on the side of escaping too much instead of too little. You can't prevent failure entirely, but you can fail secure instead of failing insecure.

-- 
Brent Royal-Gordon
Architechies

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.swift.org/pipermail/swift-evolution/attachments/20170409/0dc516a9/attachment.html>


More information about the swift-evolution mailing list