[Python-ideas] Re: Template Literals for Python (easy and save creation of HTML)

2021-09-03 Thread Thomas Güttler
On Fri, 3 Sept. 2021 at 16:53, Damian Shaw <
damian.peter.s...@gmail.com> wrote:

> I am not convinced of tying `backticks` for a single markup language.
> Different markup languages presumably have different escape methods? Is
> Python supposed to be explicitly an HTML based language like many of the
> design choices of JavaScript?
>
>
My proposal does not suppose that Python will get explicitly an HTML based
language. I am sorry if you understood this.

Template Literals can be used for any sort of use case. My use case is
HTML. The PEP uses HTML as an example. But the implementation
would not be about HTML at all. Any kind of escaping could be done. This is
up to the user of the Template Literals.



> It also seems like a lot to ask to introduce yet another way of quoting
> strings which doesn't fit with the existing pattern of string quoting.
> Python already has single quotes, double quotes, triple single quotes,
> triple double quotes, and all of these can have an r or f placed in front
> of them to modify their behavior.
>
> I see you have a section on not using the "i" prefix, but I don't
> understand the sentence "This is an handy feature, which would not work
> reliably if there are two different prefixes". What is it trying to say?
> What would not work reliably and why?
>
>
Some lines above your quote I wrote:

"Some IDEs detect that you want to use a f-string automatically".

At the moment there is only the "f" prefix. The automatic detection would
not work anymore if there would be two prefixes.
Please speak up again, if you need further explanation.



> I would like to see this PEP have a section on handling security, this PEP
> implies the Python standard library will safely escape HTML for you which
> presumably has security implications? And a section on how it will be
> updated when/if the HTML specification gets updated that may introduce new
> ways HTML can/must be escaped. And a section on what are the valid versions
> of HTML it supports? HTML5 only or does it explicitly support older
> versions of HTML?
>
>
Thank you very much!

That's a good point. I updated the PEP:

{{{
Out of scope: Safe escaping of HTML
===================================

Template Literals are about creating a data structure.

The user of Template Literals could use this data structure for any fancy
kind of computation.

We estimate most users will use the data structure to create HTML.

Nevertheless, how the user processes the data structure is up to the user.

Escaping HTML and related security implications are out of scope of this
PEP.

}}}

What do you think about this section? Do you agree? If not, then please
speak up and tell me what's wrong.

Thank you for your feedback!

  Thomas

___
Python-ideas mailing list -- python-ideas@python.org
To unsubscribe send an email to python-ideas-le...@python.org
https://mail.python.org/mailman3/lists/python-ideas.python.org/
Message archived at 
https://mail.python.org/archives/list/python-ideas@python.org/message/EFKYD22FWSIS3WDRD4JWNCW64ZIQFEPN/
Code of Conduct: http://python.org/psf/codeofconduct/
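
Added example, not part of the original messages and not the PEP's API: a sketch of the "data structure" idea discussed above, showing why escaping belongs to the consumer and differs per output language. `Template`, `make_template` and `render` are hypothetical names, and the input is constructed.

```python
import html
import shlex
from dataclasses import dataclass
from string import Formatter
from typing import Any, Callable


@dataclass(frozen=True)
class Template:
    """Hypothetical structure: literal text and values, never joined early."""
    strings: tuple  # trusted segments written by the developer
    values: tuple   # untrusted data supplied at run time


def make_template(source: str, **fields: Any) -> Template:
    """Split `source` at each {name} field without interpolating anything."""
    strings, values, literal = [], [], ""
    for text, name, _spec, _conv in Formatter().parse(source):
        literal += text
        if name is not None:
            strings.append(literal)
            values.append(fields[name])
            literal = ""
    strings.append(literal)
    return Template(tuple(strings), tuple(values))


def render(tpl: Template, escape: Callable[[str], str]) -> str:
    """Join the template, passing only the values through `escape`."""
    out = [tpl.strings[0]]
    for value, literal in zip(tpl.values, tpl.strings[1:]):
        out += [escape(str(value)), literal]
    return "".join(out)


# Constructed sample standing in for user-controlled input.
UNTRUSTED = '<script>alert("x")</script>'


def demo():
    flat = f"<p>Hello {UNTRUSTED}</p>"  # f-string: markup and data already merged
    page = make_template("<p>Hello {name}</p>", name=UNTRUSTED)
    cmd = make_template("echo {name}", name=UNTRUSTED)
    # Same data structure, escaping chosen per output language by the consumer.
    return flat, render(page, html.escape), render(cmd, shlex.quote)


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The f-string result carries the raw tag, while the two rendered results differ only in the escape function applied to the value segment.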


[Python-ideas] Re: Template Literals for Python (easy and save creation of HTML)

2021-09-03 Thread Damian Shaw
I am not convinced of tying `backticks` for a single markup language.
Different markup languages presumably have different escape methods? Is
Python supposed to be explicitly an HTML based language like many of the
design choices of JavaScript?

It also seems like a lot to ask to introduce yet another way of quoting
strings which doesn't fit with the existing pattern of string quoting.
Python already has single quotes, double quotes, triple single quotes,
triple double quotes, and all of these can have an r or f placed in front
of them to modify their behavior.

I see you have a section on not using the "i" prefix, but I don't
understand the sentence "This is an handy feature, which would not work
reliably if there are two different prefixes". What is it trying to say?
What would not work reliably and why?

I would like to see this PEP have a section on handling security, this PEP
implies the Python standard library will safely escape HTML for you which
presumably has security implications? And a section on how it will be
updated when/if the HTML specification gets updated that may introduce new
ways HTML can/must be escaped. And a section on what are the valid versions
of HTML it supports? HTML5 only or does it explicitly support older
versions of HTML?

Damian (he/him)

On Fri, Sep 3, 2021 at 9:47 AM Thomas Güttler wrote:

> Some weeks ago I started the idea of Template Literals for Python:
>
> https://github.com/guettli/peps/blob/master/pep-.rst
>
> I just switched to a new company (descript.de) and diving into their
> context will need some time.
>
> This means I won't work on the Template Literals PEP.
>
> If you like the idea, then it would be great if you work on it.
>
> Regards,
>   Thomas
> Message archived at
> https://mail.python.org/archives/list/python-ideas@python.org/message/BZWBK2PFBFUXU5PEP7UZORHL23RQVHE4/
Message archived at
https://mail.python.org/archives/list/python-ideas@python.org/message/VTDQSJDUAERS3XMZ3772P6MFZ3TIGDS2/