I think one fundamental problem is that you can’t detect programmatically if a string needs to be escaped or not.
For instance, the sequence & might be an already escaped & or it might be the text to tell you how to escape an ampersand and needs to be converted to & Promoting sloppy coding by handling the most common cases is the way to it easier to create security vulnerabilities. Maybe if escaped strings had a different type than unescaped strings, but then you need a bunch of different types for different rules for escaping. _______________________________________________ Python-ideas mailing list -- python-ideas@python.org To unsubscribe send an email to python-ideas-le...@python.org https://mail.python.org/mailman3/lists/python-ideas.python.org/ Message archived at https://mail.python.org/archives/list/python-ideas@python.org/message/MLXST2LDBO7O2QAKNPAYQDYGRQEPFF37/ Code of Conduct: http://python.org/psf/codeofconduct/
