phryk-evil-mad-sciences-llc
/
poobrains
1
0
Fork 0
Code Issues 37 Pull Requests Projects Releases Wiki Activity

f-strings vs. format strings #15

New Issue
Closed
opened 2020-06-06 15:58:06 +00:00 by phryk · 1 comment
phryk commented 2020-06-06 15:58:06 +00:00 (Migrated from rnd.phryk.net)
Copy Link

Get langsec clarity on usage of f-strings (f"foo{bar}") vs format strings ("foo%s" % bar) and adjust any places using the inferior option.

Get langsec clarity on usage of f-strings (`f"foo{bar}"`) vs format strings (`"foo%s" % bar`) and adjust any places using the inferior option.
phryk commented 2020-06-06 16:49:57 +00:00 (Migrated from rnd.phryk.net)
Copy Link

According to GothAlice (tyvm!) format strings/sprintf substitutions are "too inconsistent in use and application". Whoopsie. ¯_(ツ)_/¯

f-strings deemed best option since their base string can't be dynamic.

>>> x = "}{__name__"; f"{x}"
'}{__name__'

↑ Seems to be at least immediately injection resistant in practical test, too.

According to GothAlice (tyvm!) format strings/sprintf substitutions are "too inconsistent in use and application". Whoopsie. ¯\_(ツ)_/¯ f-strings deemed best option since their base string can't be dynamic. ``` >>> x = "}{__name__"; f"{x}" '}{__name__' ``` ↑ Seems to be at least immediately injection resistant in practical test, too.
phryk closed this issue 2021-05-14 19:04:42 +00:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
main
compat
trashpandas
Labels
Clear labels   
ANA

Data analysis

  
BUG

Bug

  
CSS

[S]CSS

  
DOC

Documentation; Content – for the rendering system, see 'doc'

  
DX

Developer eXperience

  
ECO

Ecological sustainability

  
FET

Feature request

  
GFX

Graphics work. Icons and such.

  
PRO

Propaganda, Marketing, Building An Audience – call it what you will

  
SEC

Security

  
TPL

Templates; poobrains/theme/default – for theming issues, see 'rendering'

  
UX

User eXperience

  
VIS

Data visualization

  
analysis

analysis subsystem; poobrains.analysis

  
analysis.data

poobrains analysis data component; poobrains.analysis.data

  
analysis.editor

Data editor; poobrains.analysis.editor

  
analysis.util

analysis utilities; poobrains.analysis.util

  
analysis.visualization

data visualization; poobrains.analysis.visualization

  
auth

Authentication & Authorization system; poobrains.auth

  
cli

Command Line Interface; poobrains.cli

  
core

Core; Every piece of python code that's not part of a distinct subsystem

  
doc

Documentation rendering system; poobrains.doc – for content use 'DOC'

  
form

Forms system; poobrains.form

  
mailing

Mail system; poobrains.mailing

  
md

Markdown integration; poobrains.md

  
rendering

Rendering system; poobrains.rendering

  
storage

Storage system; poobrains.storage

  
svg

SVG system; poobrains.svg

  
svg.color

Color; poobrains.svg.color

  
svg.palettes

procedural palettes; poobrains.svg.palettes

  
testing

Testing system; poobrains.testing

No Label
ANA
BUG
CSS
DOC
DX
ECO
FET
GFX
PRO
SEC
TPL
UX
VIS
analysis
analysis.data
analysis.editor
analysis.util
analysis.visualization
auth
cli
core
doc
form
mailing
md
rendering
storage
svg
svg.color
svg.palettes
testing
Milestone
Clear milestone
No items
No Milestone
0.0.0.0-alpha
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: phryk-evil-mad-sciences-llc/poobrains#15
No description provided.
Delete Branch "%!s(<nil>)"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?