Right. I didn't give much thought to possible XSS and other injection vulnerabilities. I am open to ideas about how this thing can be misused and if anything can be done about it.

The purpose of this proposal is to provide a way for developers to conveniently construct a string, and for translators to be able to translate a message. I read through the quasis proposal (and one more time just now), but don't feel that's a good solution for this type of problem.

shanjian

On Wed, Mar 9, 2011 at 8:20 AM, ☻Mike Samuel <msam...@google.com> wrote:

> On Tue, Mar 8, 2011 at 22:47, Mark S. Miller <erig...@google.com> wrote:
> > [+msamuel]
> > I don't understand. I see that this proposal references quasis, but I don't
> > see how it subsumes the safety quasis provide against quoting confusions,
> > e.g., that lead to XSS and other injection vulnerabilities. What am I
> > missing?
>
> It doesn't seem to and it doesn't seem to claim to.
> Is that right Shanjian?
> Is there nothing that mitigates quoting confusion in this proposal?
>
> > On Wed, Mar 9, 2011 at 12:21 AM, Shanjian Li <shanj...@google.com> wrote:
> >>
> >> EcmaScript lacks a method to format strings in a flexible and controllable
> >> manner. Most EcmaScript strings are constructed by concatenating a series of
> >> substrings. Such practice really hurts code readability. Especially for
> >> localization, it is almost impossible to translate the string when it is
> >> split into multiple pieces. This problem has been identified long before.
> >> Brendan Eich proposed something in 2006 for ECMA 3 (discussion). Mike
> >> Samuel’s quasis and Douglas Crockford’s string_format each proposed a
> >> solution as well. This proposal references those proposals, and borrows many
> >> ideas introduced by Python (http://www.python.org/dev/peps/pep-3101/). This
> >> proposal also applies lessons learned in Localization (l10n) and
> >> Internationalization (i18n) practice, both in Javascript and other
> >> languages.
> >>
> >> http://wiki.ecmascript.org/doku.php?id=strawman:string_format_take_two
> >> Please kindly review the proposal and let me know your feedback.
> >> shanjian
> >> _______________________________________________
> >> es-discuss mailing list
> >> es-discuss@mozilla.org
> >> https://mail.mozilla.org/listinfo/es-discuss
> >
> > --
> > Cheers,
> > --MarkM
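The quoting confusion asked about in the thread, as an added example that is not part of the thread or of the strawman: `format` is a hypothetical positional formatter that splices its arguments in verbatim, and `safeHtml` is a hypothetical tag for template literals (the ES2015 form of quasis) that escapes every substitution. All names and the sample input are constructed for illustration.

```javascript
// Added example: neither function comes from the thread or the strawman.

// Hypothetical positional formatter: "{0}" placeholders, no escaping.
// Convenient for translators (placeholders can be reordered), but the
// result is just a string: arguments land in the markup unmodified.
function format(template, ...args) {
  return template.replace(/\{(\d+)\}/g, (match, index) =>
    Number(index) < args.length ? String(args[Number(index)]) : match);
}

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hypothetical template tag: the literal parts are developer-written and
// trusted, every substitution is escaped. One escaping rule only, valid
// for HTML text and quoted attribute values (not URLs, script or CSS).
function safeHtml(literals, ...values) {
  let out = literals[0];
  values.forEach((value, i) => {
    out += escapeHtml(value) + literals[i + 1];
  });
  return out;
}

// Constructed sample input standing in for untrusted user data.
const userName = '<script>x</script> & "friends"';

function renderWithFormat(name) {
  // Markup characters in `name` become part of the page structure.
  return format('<p title="{0}">Hello, {0}!</p>', name);
}

function renderWithTag(name) {
  // The tag sees literals and values separately, so it can escape values.
  return safeHtml`<p title="${name}">Hello, ${name}!</p>`;
}

console.log(renderWithFormat(userName));
console.log(renderWithTag(userName));
```

The formatter only ever sees one flat string plus arguments, so any escaping has to be remembered by the caller at each call site; the tag receives literal parts and substituted values separately, which is what lets it apply the escaping itself.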