On Mon, Oct 13, 2008 at 08:43:48AM +0200, apfelmus wrote: > Yes. "Just" an injection problem is an understatement. And its the > implementation of the abstract data type that determines how fast things > are. Who said that it may not simply be a newtyped String ?
I think the attraction to the SafeString example is that it's simple and effective for the task at hand -- in other words, pragmatic. Suggesting that in order to avoid HTML injection people re-read the HTML spec and invent a complete ADT to represent all the little corner cases they probably won't ever use is exactly the kind of answer that would scare Joe Six-Pack Hockey Programmer away. _______________________________________________ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe