<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div><blockquote type="cite" class=""><div class="">On Apr 7, 2017, at 2:15 PM, Félix Cloutier via swift-evolution <<a href="mailto:swift-evolution@swift.org" class="">swift-evolution@swift.org</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div class="" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px;">I don't necessarily think that the concept is a bad idea, but I think that the interaction of Swift features facilitates poor coding decisions. For example, the proposal interpolates an `author` variable straight into an XML document, and suggests doing the same to JSON strings. To me, this shows that an important use case of the feature is to format payloads in a way that is known to cause vulnerabilities.</div></div></blockquote><br class=""></div><div>I don't know if it will be reviewed for Swift 4, let alone be accepted, but I have a proposal in for a revised string interpolation protocol. One of the major use cases I considered was types which provided safe interpolation for things like markup languages and JSON. So, for instance, if you wrote this:</div><div><br class=""></div><div><div class=""><span class="Apple-tab-span" style="white-space:pre"> </span>let xml: XMLString = """</div><div class=""><span class="Apple-tab-span" style="white-space: pre;"> </span> <?xml version="1.0"?></div><div class=""><span class="Apple-tab-span" style="white-space: pre;"> </span> <catalog></div><div class=""><span class="Apple-tab-span" style="white-space: pre;"> </span> <book id="bk101" empty=""></div><div class=""><span class="Apple-tab-span" style="white-space: pre;"> </span> <author>\(author)</author></div><div class=""><span class="Apple-tab-span" style="white-space: pre;"> </span> <title>XML Developer's Guide</title></div><div class=""><span class="Apple-tab-span" style="white-space: pre;"> </span> <genre>Computer</genre></div><div class=""><span class="Apple-tab-span" style="white-space: pre;"> </span> <price>44.95</price></div><div class=""><span class="Apple-tab-span" style="white-space: pre;"> </span> <publish_date>2000-10-01</publish_date></div><div class=""><span class="Apple-tab-span" style="white-space: pre;"> </span> <description>An in-depth look at creating applications with XML.</description></div><div class=""><span class="Apple-tab-span" style="white-space: pre;"> </span> </book></div><div class=""><span class="Apple-tab-span" style="white-space: pre;"> </span> </catalog></div><div class=""><span class="Apple-tab-span" style="white-space: pre;"> </span> """</div></div><div class=""><br class=""></div><div class="">XMLString could escape `author` by default, unless it were itself an `XMLString` or you wrote the interpolation as `\(raw: author)`. And of course, this being Swift, `XMLString` would not necessarily have to be stated explicitly; it could come from being concatenated to an `XMLString`, passed in an `XMLString` parameter, or assigned to an `XMLString` property.</div><div class=""><br class=""></div><div class="">So I think this particular concern is orthogonal to the question of supporting multiline strings. Escaping safety is possible—it's just a separate feature.</div><br class=""><div class="">
<span class="Apple-style-span" style="border-collapse: separate; font-variant-ligatures: normal; font-variant-east-asian: normal; font-variant-position: normal; line-height: normal; border-spacing: 0px;"><div class=""><div style="font-size: 12px; " class="">-- </div><div style="font-size: 12px; " class="">Brent Royal-Gordon</div><div style="font-size: 12px; " class="">Architechies</div></div></span>
</div>
<br class=""></body></html>